Vulnerability-Lookup

FKIE_CVE-2026-27610

Vulnerability from fkie_nvd - Published: 2026-02-25 03:16 - Updated: 2026-02-27 19:14

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the `ConfigKeyCache` uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditions, a read-only user can receive the cached full master key, or a regular user can receive the cached read-only master key. The fix in version 9.0.0-alpha.8 uses distinct cache keys for master key and read-only master key. As a workaround, avoid using function-typed master keys, or remove the `agent` configuration block from your dashboard configuration.

References

URL	Tags
security-advisories@github.com	https://github.com/parse-community/parse-dashboard/commit/f92a9ef5246d57e51696bd881a15f3b133b2bb50	Patch
security-advisories@github.com	https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8	Release Notes
security-advisories@github.com	https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-jhp4-jvq3-w5xr	Vendor Advisory

Impacted products

Vendor	Product	Version
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.5.0
parseplatform	parse_dashboard	7.5.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.1
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.4.0
parseplatform	parse_dashboard	8.4.1
parseplatform	parse_dashboard	8.4.1
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.42:*:*:*:node.js:*:*",
              "matchCriteriaId": "D4744D8A-C870-492A-AD66-D6CB083CD7A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.43:*:*:*:node.js:*:*",
              "matchCriteriaId": "23F5E70B-99F7-46FE-A13B-D2B9B9BFDF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.44:*:*:*:node.js:*:*",
              "matchCriteriaId": "6F3FE9CD-0F0B-4AB8-BB42-04B23C1DEF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "1F87B033-9ADD-4DBB-BC6C-A3EBE7502CF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "F5263840-349D-42E1-BAB1-AB6826B588B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "640870FE-F70F-401D-A749-3CD0EF66A436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "64F0B732-1E46-4B86-BDC0-4F1025989DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "3427EA35-6D06-4D44-B4E0-63F36908D506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "87F8BED8-AA0B-4BB4-817A-ECF3581DB66B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "306508B1-2E2A-4A76-A67C-1F8A15D5EC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "AA055428-E398-4766-9C08-66D2113CE7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "9CC5FAB0-7046-40B0-842D-138BD8CC8B28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "AF1A1FFC-9FE6-4596-9377-8A410517748D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "638E5B8B-F2F1-47AC-AD0D-7AD7835CB6CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "8AC5C34F-1B61-4A65-811E-5CC7DBFF4FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "F95EFF10-2977-4330-B2AB-9E0A1038AB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "8A3B3D71-CD51-41C4-A756-F741FC9A17AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "46A42216-C604-4CFF-A7D5-0E2EBB253F70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "233F7D1F-C707-45D6-BF37-EF196A1CA655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "27EBFA6E-9582-49F4-A62D-B9B39F873D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "4D211D67-C766-4FE0-A050-688DCC4E4137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "CC066843-6A98-4B8B-B679-D8A229D0F1CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "35336E10-BC3C-4B0E-9AF0-66B44A7EEF53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "19F7A05A-4E95-4637-B4E9-23CB9A4C2E24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "9D5A6432-BA21-4AE7-A6D3-5B711B961B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "28C73478-4D60-48A2-8A43-9005B222792C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "F01C2CA5-BB6D-465F-9B3E-D9DCC04DAF53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "EAF9B9F4-B53F-4A07-B99D-C61FEDD09C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "799C425B-06A3-4E3E-AC7F-67B7DE9974B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "635D4195-A97E-4536-9C69-C5E3EC3D206C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "76266618-3291-42B8-ABF9-3161C9A2A335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "798C040F-8F99-4460-B37D-335DF063442B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "B7C33A71-E752-43D4-A164-740750ABD096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "F580DE3E-263A-4503-8B06-08C5FF1AC4A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "E4B5D579-9F10-4EE2-975C-760D7945C781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "F2B34014-7733-4630-9AEA-85433E95F9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "10BBA4C5-F9BB-4D5A-A1BE-EC99FFEA2D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "C14764E6-2751-4507-8FBF-ABBB95B73C49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "EA5558A0-D654-47AF-A661-21B15CC5374D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "ACD4CD5D-B16D-4C15-8055-A6EE5C96F389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "77E011B6-E73B-4CD7-AED3-E8F293907769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "DF030EED-A04A-4294-89BE-D67981373CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "5C610597-192B-436C-B773-3578EE1135EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "596F09DA-7A82-4A49-BA5F-A3457D5D1895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "AC8D2A19-26A2-43EA-874D-0AECECF38F0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "61E484CB-FE4E-446A-9E4A-7D7FBB90D5A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "EEFB299E-5AE8-4BC7-AE41-9861C3C6E5D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.1:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "F2BAFB77-61AB-4590-91A5-E6006CCFD60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "250C3970-411A-45CA-A0F1-3336979795D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "DE488750-1330-43A2-97DE-3D3BF1E808EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "E95F30F2-0AC8-4A22-AA66-DB80325EBA75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "AE191589-6E7C-4634-A9D8-1B1E7F8343DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "860229EC-16ED-439A-A34E-5D3F85FFDCC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.14:*:*:*:node.js:*:*",
              "matchCriteriaId": "E4F3001C-E518-479B-8A57-E34FFFAA4FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.15:*:*:*:node.js:*:*",
              "matchCriteriaId": "A73F6299-1A0C-4A73-89C8-48885E11F65C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.16:*:*:*:node.js:*:*",
              "matchCriteriaId": "C71D6779-24D2-4AF0-BEF1-FE99BC95BB26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.17:*:*:*:node.js:*:*",
              "matchCriteriaId": "EC64EC9A-F109-4BBE-935A-CFD7DC8DB2C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.18:*:*:*:node.js:*:*",
              "matchCriteriaId": "6F2CDBCA-5552-42BE-8DC8-4741679971D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.19:*:*:*:node.js:*:*",
              "matchCriteriaId": "80D51A30-78E8-40DE-809D-9FF619A23158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "C1791CCB-E96B-465C-B57B-C7B97A437642",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.20:*:*:*:node.js:*:*",
              "matchCriteriaId": "DA617937-2E8B-4955-BD27-65C3CC4013B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.21:*:*:*:node.js:*:*",
              "matchCriteriaId": "1307D569-70FD-4253-A14C-29F3CDA35EF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.22:*:*:*:node.js:*:*",
              "matchCriteriaId": "DFA69B19-9A2C-40F9-88F4-B43389B6A56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.23:*:*:*:node.js:*:*",
              "matchCriteriaId": "FBC724FF-FDE9-440B-8CC2-AF210114CF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.24:*:*:*:node.js:*:*",
              "matchCriteriaId": "BA0E1A98-C42C-43BC-B409-25F033677BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.25:*:*:*:node.js:*:*",
              "matchCriteriaId": "1133B673-D917-4919-9F6B-A11E9C86BCAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.26:*:*:*:node.js:*:*",
              "matchCriteriaId": "EC9747A1-F2E5-4973-B56C-B6E0A42024BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.27:*:*:*:node.js:*:*",
              "matchCriteriaId": "91951F15-C571-42C1-897A-B3D3C2B70A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "1292ACFD-4CA4-4F7E-B7DB-8B3CA85C5B84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "2C6E2816-60F8-4297-B3C7-3EFA2C3BDD1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "2A7E1989-6E7F-4700-B779-7E39CB695E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "EC4E8293-59A7-4F47-B2F5-2F950B93E16A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "BBA14C23-4DBF-47C8-8FB3-9233C54247BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "DE07DB4E-85AB-4495-B81D-2478E1CD0FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "F4260AB5-24D7-4D6C-B55F-3129BDDBEF8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "7A4300AF-10D6-4E09-B6DF-B28144F8E024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "C11B2FEB-7617-49DA-AB18-CA2F37367480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "B606D916-B540-465A-946B-2FEBF2850916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "FCE2860A-1826-4A8B-A66F-D11733F9103D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "E84297DB-5816-4FA5-8696-204CAF1BEF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.14:*:*:*:node.js:*:*",
              "matchCriteriaId": "C9219C64-059A-4A3E-8836-AAD56D40CEEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.15:*:*:*:node.js:*:*",
              "matchCriteriaId": "57353E36-EFA9-402B-AFF5-AFADACCEE6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.16:*:*:*:node.js:*:*",
              "matchCriteriaId": "57CFDD8F-7705-43EC-938C-100A750BF6A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.17:*:*:*:node.js:*:*",
              "matchCriteriaId": "9330CE70-6112-4194-81FF-B58A073447EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.18:*:*:*:node.js:*:*",
              "matchCriteriaId": "D6EC7E97-76CE-4749-BDF9-409C3C5D5836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.19:*:*:*:node.js:*:*",
              "matchCriteriaId": "A555D06A-B5B1-4ADB-B920-F7509691DC07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "7EA2C3DD-9ADE-4089-A358-7866A460BB62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.20:*:*:*:node.js:*:*",
              "matchCriteriaId": "2E197079-35B1-4896-9A6D-29FF88C95338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.21:*:*:*:node.js:*:*",
              "matchCriteriaId": "E6AA3ECC-E3FA-49AF-916F-37691A3BD04A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.22:*:*:*:node.js:*:*",
              "matchCriteriaId": "5D54DA67-239B-4340-85ED-9BD93D19A83A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.23:*:*:*:node.js:*:*",
              "matchCriteriaId": "5381B696-F48C-4763-BF8B-B10CF0134473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.24:*:*:*:node.js:*:*",
              "matchCriteriaId": "9A10EB23-2504-4D98-8D1E-3398D9A386AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.25:*:*:*:node.js:*:*",
              "matchCriteriaId": "88C6CCC3-FA1C-4CA5-896D-0ECFE1C5F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.26:*:*:*:node.js:*:*",
              "matchCriteriaId": "D5107B7E-0270-44EA-97AD-E186A83FC0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.27:*:*:*:node.js:*:*",
              "matchCriteriaId": "530AE8D8-8D69-4F38-A8A9-78BB6FFEF18E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.28:*:*:*:node.js:*:*",
              "matchCriteriaId": "D1DC1670-DB4B-4B2E-9B86-51B5C143C199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.29:*:*:*:node.js:*:*",
              "matchCriteriaId": "F1877E4D-26D2-4904-8053-D3C4A2A12C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "60F9E180-C44C-4C7A-B05C-1D188061DA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.30:*:*:*:node.js:*:*",
              "matchCriteriaId": "0020AAB4-42B4-4FDA-8980-3BB478B0D933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.31:*:*:*:node.js:*:*",
              "matchCriteriaId": "35EB35EF-46C4-4A75-B8E6-7C29C776D5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.32:*:*:*:node.js:*:*",
              "matchCriteriaId": "6C59AEF9-1C8C-41C0-8786-55CB41AA1829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.33:*:*:*:node.js:*:*",
              "matchCriteriaId": "6EA1686D-E53A-4C35-8743-09FF7F2C6795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.34:*:*:*:node.js:*:*",
              "matchCriteriaId": "0897894F-2D60-4E27-827C-ACBA6E30FABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.35:*:*:*:node.js:*:*",
              "matchCriteriaId": "2FB28994-3EB1-4857-B2F1-6210D61A61D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.36:*:*:*:node.js:*:*",
              "matchCriteriaId": "137F6EAA-831A-42C0-B003-FB4F583D7279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.37:*:*:*:node.js:*:*",
              "matchCriteriaId": "E41A87FE-1651-4A7A-8E32-2B20D69F5593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.38:*:*:*:node.js:*:*",
              "matchCriteriaId": "D791B7C0-E3E7-4BE4-A691-8398263CC901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.39:*:*:*:node.js:*:*",
              "matchCriteriaId": "177C31B7-05D9-4690-897A-2FDBC406AB0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "8FD4CC16-C0F6-4C05-970D-B54E84A8C7FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.40:*:*:*:node.js:*:*",
              "matchCriteriaId": "2F1B8B29-DFAD-4634-AC12-C1DFF2FBA5C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.41:*:*:*:node.js:*:*",
              "matchCriteriaId": "57FB28C9-5DE8-4D09-9BDE-FFFBD7516F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.42:*:*:*:node.js:*:*",
              "matchCriteriaId": "8589D874-D29D-4583-A1DA-59D8F39027A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.43:*:*:*:node.js:*:*",
              "matchCriteriaId": "13A8384B-B775-41C9-96F5-20186B6D82BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "2948F800-5515-4729-A82D-2DACA81BA2DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "1A253A5D-C7DB-4B64-A77A-D03FEFBDC8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "1DECD32E-1F70-4AA0-9AA7-8E25CDC611C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "7D1B3EF0-F7E5-46E4-8741-B234A4389137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "C694360B-3347-4F9F-A621-080C0EAC4DAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.4.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "49AA820D-E082-47D2-803D-6B54476C0203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "85F7BCC9-C07E-41ED-B172-2FBE6EC25281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "5148D58F-AB4C-46F0-8BD0-0F67E908D268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "487A1716-0D40-44A0-9F38-5FE7CA8EB7BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "52BF57A4-CA0D-4573-AD58-6E2572A7F6C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "31B0DA15-56F5-4CAF-B143-BFCF15B9FC8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "42263CAA-72DA-4B09-81B7-6E25DDF9FF85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "A72FAF71-B360-4CAD-8369-22FA7203059E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "3A15C600-A7E7-43BA-85A5-33EF4A580BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "E0FF7351-1107-4C32-A33B-A72929B8B08A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "BC47F04B-0CAB-4F59-AD13-098E01F33ABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "8A0BEBE6-165D-4E02-84FB-0CE15101B7E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "E50D6B9B-1480-4FFC-A5E1-0AC266B5505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "63696822-C9C4-4094-B2A6-CD3026748EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "2694A32A-009C-4189-849B-2388D53B0276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "FDF833EE-1D53-49EE-8FE5-2D8E56F66AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "2458B177-3461-425A-89AA-13866FE27028",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the `ConfigKeyCache` uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditions, a read-only user can receive the cached full master key, or a regular user can receive the cached read-only master key. The fix in version 9.0.0-alpha.8 uses distinct cache keys for master key and read-only master key. As a workaround, avoid using function-typed master keys, or remove the `agent` configuration block from your dashboard configuration."
    },
    {
      "lang": "es",
      "value": "Parse Dashboard es un panel de control independiente para gestionar aplicaciones de Parse Server. En las versiones 7.3.0-alpha.42 hasta la 9.0.0-alpha.7, el `ConfigKeyCache` utiliza la misma clave de cach\u00e9 tanto para la clave maestra como para la clave maestra de solo lectura al resolver claves de tipo funci\u00f3n. Bajo condiciones de tiempo espec\u00edficas, un usuario de solo lectura puede recibir la clave maestra completa en cach\u00e9, o un usuario regular puede recibir la clave maestra de solo lectura en cach\u00e9. La correcci\u00f3n en la versi\u00f3n 9.0.0-alpha.8 utiliza claves de cach\u00e9 distintas para la clave maestra y la clave maestra de solo lectura. Como soluci\u00f3n alternativa, evite usar claves maestras de tipo funci\u00f3n, o elimine el bloque de configuraci\u00f3n `agent` de la configuraci\u00f3n de su panel de control."
    }
  ],
  "id": "CVE-2026-27610",
  "lastModified": "2026-02-27T19:14:29.947",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-25T03:16:05.297",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/parse-community/parse-dashboard/commit/f92a9ef5246d57e51696bd881a15f3b133b2bb50"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-jhp4-jvq3-w5xr"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1289"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

CVE-2026-27610 (GCVE-0-2026-27610)

Vulnerability from cvelistv5 – Published: 2026-02-25 02:19 – Updated: 2026-02-27 17:24

Title

Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions

Summary

Severity ?

7 (High)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

CWE

CWE-1289 - Improper Validation of Unsafe Equivalence in Input

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	parse-community	parse-dashboard	Affected: >= 7.3.0-alpha.42, < 9.0.0-alpha.8

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2026-27610

CVE-2026-27610 (GCVE-0-2026-27610)

Tags

Sightings

Nomenclature