CVE-2026-27608 (GCVE-0-2026-27608)

Vulnerability from cvelistv5 – Published: 2026-02-25 02:16 – Updated: 2026-02-25 18:58
VLAI?
Title
Parse Dashboard Missing Authorization on Agent Endpoint
Summary
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by changing the app ID in the URL. Read-only users are given the full master key instead of the read-only master key and can supply write permissions in the request body to perform write and delete operations. Only dashboards with `agent` configuration enabled are affected. The fix in version 9.0.0-alpha.8 adds per-app authorization checks and restricts read-only users to the `readOnlyMasterKey` with write permissions stripped server-side. As a workaround, remove the `agent` configuration block from your dashboard configuration. Dashboards without an `agent` config are not affected.
Severity ?
9.3 (Critical)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
CWE
Assigner
References
Impacted products
Vendor Product Version
parse-community parse-dashboard Affected: >= 7.3.0-alpha.42, < 9.0.0-alpha.8
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27608",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-25T18:55:55.191858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-25T18:58:39.218Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "parse-dashboard",
          "vendor": "parse-community",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 7.3.0-alpha.42, \u003c 9.0.0-alpha.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) does not enforce authorization. Authenticated users scoped to specific apps can access any other app\u0027s agent endpoint by changing the app ID in the URL. Read-only users are given the full master key instead of the read-only master key and can supply write permissions in the request body to perform write and delete operations. Only dashboards with `agent` configuration enabled are affected. The fix in version 9.0.0-alpha.8 adds per-app authorization checks and restricts read-only users to the `readOnlyMasterKey` with write permissions stripped server-side. As a workaround, remove the `agent` configuration block from your dashboard configuration. Dashboards without an `agent` config are not affected."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-25T02:16:30.622Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-cvwj-6c9h-jg6v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-cvwj-6c9h-jg6v"
        },
        {
          "name": "https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8"
        }
      ],
      "source": {
        "advisory": "GHSA-cvwj-6c9h-jg6v",
        "discovery": "UNKNOWN"
      },
      "title": "Parse Dashboard Missing Authorization on Agent Endpoint"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-27608",
    "datePublished": "2026-02-25T02:16:30.622Z",
    "dateReserved": "2026-02-20T19:43:14.602Z",
    "dateUpdated": "2026-02-25T18:58:39.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-27608\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-25T03:16:04.960\",\"lastModified\":\"2026-02-27T19:17:16.280\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) does not enforce authorization. Authenticated users scoped to specific apps can access any other app\u0027s agent endpoint by changing the app ID in the URL. Read-only users are given the full master key instead of the read-only master key and can supply write permissions in the request body to perform write and delete operations. Only dashboards with `agent` configuration enabled are affected. The fix in version 9.0.0-alpha.8 adds per-app authorization checks and restricts read-only users to the `readOnlyMasterKey` with write permissions stripped server-side. As a workaround, remove the `agent` configuration block from your dashboard configuration. Dashboards without an `agent` config are not affected.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.42:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"D4744D8A-C870-492A-AD66-D6CB083CD7A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.43:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"23F5E70B-99F7-46FE-A13B-D2B9B9BFDF05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.44:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"6F3FE9CD-0F0B-4AB8-BB42-04B23C1DEF27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.5:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"1F87B033-9ADD-4DBB-BC6C-A3EBE7502CF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.6:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F5263840-349D-42E1-BAB1-AB6826B588B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.7:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"640870FE-F70F-401D-A749-3CD0EF66A436\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.8:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"64F0B732-1E46-4B86-BDC0-4F1025989DFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.9:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"3427EA35-6D06-4D44-B4E0-63F36908D506\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"87F8BED8-AA0B-4BB4-817A-ECF3581DB66B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"306508B1-2E2A-4A76-A67C-1F8A15D5EC7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.3:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"AA055428-E398-4766-9C08-66D2113CE7EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.4:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"9CC5FAB0-7046-40B0-842D-138BD8CC8B28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.5:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"AF1A1FFC-9FE6-4596-9377-8A410517748D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha.1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"638E5B8B-F2F1-47AC-AD0D-7AD7835CB6CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha.2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"8AC5C34F-1B61-4A65-811E-5CC7DBFF4FBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F95EFF10-2977-4330-B2AB-9E0A1038AB6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.10:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"8A3B3D71-CD51-41C4-A756-F741FC9A17AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.11:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"46A42216-C604-4CFF-A7D5-0E2EBB253F70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.12:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"233F7D1F-C707-45D6-BF37-EF196A1CA655\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.13:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"27EBFA6E-9582-49F4-A62D-B9B39F873D5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"4D211D67-C766-4FE0-A050-688DCC4E4137\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.3:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"CC066843-6A98-4B8B-B679-D8A229D0F1CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.4:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"35336E10-BC3C-4B0E-9AF0-66B44A7EEF53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.5:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"19F7A05A-4E95-4637-B4E9-23CB9A4C2E24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.6:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"9D5A6432-BA21-4AE7-A6D3-5B711B961B2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.7:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"28C73478-4D60-48A2-8A43-9005B222792C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.8:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F01C2CA5-BB6D-465F-9B3E-D9DCC04DAF53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.9:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"EAF9B9F4-B53F-4A07-B99D-C61FEDD09C3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"799C425B-06A3-4E3E-AC7F-67B7DE9974B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"635D4195-A97E-4536-9C69-C5E3EC3D206C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.3:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"76266618-3291-42B8-ABF9-3161C9A2A335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.4:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"798C040F-8F99-4460-B37D-335DF063442B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.5:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B7C33A71-E752-43D4-A164-740750ABD096\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.6:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F580DE3E-263A-4503-8B06-08C5FF1AC4A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E4B5D579-9F10-4EE2-975C-760D7945C781\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.10:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F2B34014-7733-4630-9AEA-85433E95F9D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.11:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"10BBA4C5-F9BB-4D5A-A1BE-EC99FFEA2D10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.12:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"C14764E6-2751-4507-8FBF-ABBB95B73C49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.13:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"EA5558A0-D654-47AF-A661-21B15CC5374D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"ACD4CD5D-B16D-4C15-8055-A6EE5C96F389\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.3:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"77E011B6-E73B-4CD7-AED3-E8F293907769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.4:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"DF030EED-A04A-4294-89BE-D67981373CF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.5:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"5C610597-192B-436C-B773-3578EE1135EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.6:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"596F09DA-7A82-4A49-BA5F-A3457D5D1895\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.7:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"AC8D2A19-26A2-43EA-874D-0AECECF38F0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.8:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"61E484CB-FE4E-446A-9E4A-7D7FBB90D5A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.9:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"EEFB299E-5AE8-4BC7-AE41-9861C3C6E5D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.1.1:alpha.1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F2BAFB77-61AB-4590-91A5-E6006CCFD60F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"250C3970-411A-45CA-A0F1-3336979795D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.10:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"DE488750-1330-43A2-97DE-3D3BF1E808EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.11:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E95F30F2-0AC8-4A22-AA66-DB80325EBA75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.12:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"AE191589-6E7C-4634-A9D8-1B1E7F8343DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.13:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"860229EC-16ED-439A-A34E-5D3F85FFDCC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.14:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E4F3001C-E518-479B-8A57-E34FFFAA4FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.15:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"A73F6299-1A0C-4A73-89C8-48885E11F65C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.16:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"C71D6779-24D2-4AF0-BEF1-FE99BC95BB26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.17:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"EC64EC9A-F109-4BBE-935A-CFD7DC8DB2C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.18:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"6F2CDBCA-5552-42BE-8DC8-4741679971D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.19:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"80D51A30-78E8-40DE-809D-9FF619A23158\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"C1791CCB-E96B-465C-B57B-C7B97A437642\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.20:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"DA617937-2E8B-4955-BD27-65C3CC4013B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.21:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"1307D569-70FD-4253-A14C-29F3CDA35EF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.22:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"DFA69B19-9A2C-40F9-88F4-B43389B6A56D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.23:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"FBC724FF-FDE9-440B-8CC2-AF210114CF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.24:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"BA0E1A98-C42C-43BC-B409-25F033677BEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.25:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"1133B673-D917-4919-9F6B-A11E9C86BCAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.26:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"EC9747A1-F2E5-4973-B56C-B6E0A42024BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.27:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"91951F15-C571-42C1-897A-B3D3C2B70A51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.3:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"1292ACFD-4CA4-4F7E-B7DB-8B3CA85C5B84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.4:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2C6E2816-60F8-4297-B3C7-3EFA2C3BDD1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.5:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2A7E1989-6E7F-4700-B779-7E39CB695E7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.6:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"EC4E8293-59A7-4F47-B2F5-2F950B93E16A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.7:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"BBA14C23-4DBF-47C8-8FB3-9233C54247BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.8:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"DE07DB4E-85AB-4495-B81D-2478E1CD0FD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.9:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F4260AB5-24D7-4D6C-B55F-3129BDDBEF8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7A4300AF-10D6-4E09-B6DF-B28144F8E024\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.10:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"C11B2FEB-7617-49DA-AB18-CA2F37367480\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.11:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"B606D916-B540-465A-946B-2FEBF2850916\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.12:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"FCE2860A-1826-4A8B-A66F-D11733F9103D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.13:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E84297DB-5816-4FA5-8696-204CAF1BEF6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.14:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"C9219C64-059A-4A3E-8836-AAD56D40CEEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.15:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"57353E36-EFA9-402B-AFF5-AFADACCEE6E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.16:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"57CFDD8F-7705-43EC-938C-100A750BF6A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.17:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"9330CE70-6112-4194-81FF-B58A073447EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.18:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"D6EC7E97-76CE-4749-BDF9-409C3C5D5836\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.19:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"A555D06A-B5B1-4ADB-B920-F7509691DC07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7EA2C3DD-9ADE-4089-A358-7866A460BB62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.20:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2E197079-35B1-4896-9A6D-29FF88C95338\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.21:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E6AA3ECC-E3FA-49AF-916F-37691A3BD04A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.22:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"5D54DA67-239B-4340-85ED-9BD93D19A83A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.23:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"5381B696-F48C-4763-BF8B-B10CF0134473\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.24:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"9A10EB23-2504-4D98-8D1E-3398D9A386AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.25:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"88C6CCC3-FA1C-4CA5-896D-0ECFE1C5F3A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.26:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"D5107B7E-0270-44EA-97AD-E186A83FC0A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.27:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"530AE8D8-8D69-4F38-A8A9-78BB6FFEF18E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.28:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"D1DC1670-DB4B-4B2E-9B86-51B5C143C199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.29:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"F1877E4D-26D2-4904-8053-D3C4A2A12C79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.3:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"60F9E180-C44C-4C7A-B05C-1D188061DA73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.30:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"0020AAB4-42B4-4FDA-8980-3BB478B0D933\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.31:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"35EB35EF-46C4-4A75-B8E6-7C29C776D5C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.32:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"6C59AEF9-1C8C-41C0-8786-55CB41AA1829\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.33:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"6EA1686D-E53A-4C35-8743-09FF7F2C6795\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.34:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"0897894F-2D60-4E27-827C-ACBA6E30FABB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.35:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2FB28994-3EB1-4857-B2F1-6210D61A61D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.36:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"137F6EAA-831A-42C0-B003-FB4F583D7279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.37:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E41A87FE-1651-4A7A-8E32-2B20D69F5593\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.38:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"D791B7C0-E3E7-4BE4-A691-8398263CC901\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.39:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"177C31B7-05D9-4690-897A-2FDBC406AB0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.4:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"8FD4CC16-C0F6-4C05-970D-B54E84A8C7FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.40:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2F1B8B29-DFAD-4634-AC12-C1DFF2FBA5C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.41:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"57FB28C9-5DE8-4D09-9BDE-FFFBD7516F6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.42:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"8589D874-D29D-4583-A1DA-59D8F39027A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.43:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"13A8384B-B775-41C9-96F5-20186B6D82BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.5:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2948F800-5515-4729-A82D-2DACA81BA2DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.6:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"1A253A5D-C7DB-4B64-A77A-D03FEFBDC8BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.7:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"1DECD32E-1F70-4AA0-9AA7-8E25CDC611C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.8:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"7D1B3EF0-F7E5-46E4-8741-B234A4389137\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.9:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"C694360B-3347-4F9F-A621-080C0EAC4DAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.4.0:alpha.1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"49AA820D-E082-47D2-803D-6B54476C0203\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha.1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"85F7BCC9-C07E-41ED-B172-2FBE6EC25281\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha.2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"5148D58F-AB4C-46F0-8BD0-0F67E908D268\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"487A1716-0D40-44A0-9F38-5FE7CA8EB7BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"52BF57A4-CA0D-4573-AD58-6E2572A7F6C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.3:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"31B0DA15-56F5-4CAF-B143-BFCF15B9FC8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.4:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"42263CAA-72DA-4B09-81B7-6E25DDF9FF85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.5:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"A72FAF71-B360-4CAD-8369-22FA7203059E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.6:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"3A15C600-A7E7-43BA-85A5-33EF4A580BC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.7:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E0FF7351-1107-4C32-A33B-A72929B8B08A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.1:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"BC47F04B-0CAB-4F59-AD13-098E01F33ABF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.2:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"8A0BEBE6-165D-4E02-84FB-0CE15101B7E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.3:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"E50D6B9B-1480-4FFC-A5E1-0AC266B5505D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.4:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"63696822-C9C4-4094-B2A6-CD3026748EB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.5:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2694A32A-009C-4189-849B-2388D53B0276\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.6:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"FDF833EE-1D53-49EE-8FE5-2D8E56F66AE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.7:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"2458B177-3461-425A-89AA-13866FE27028\"}]}]}],\"references\":[{\"url\":\"https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-cvwj-6c9h-jg6v\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-27608\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-25T18:55:55.191858Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-25T18:56:10.501Z\"}}], \"cna\": {\"title\": \"Parse Dashboard Missing Authorization on Agent Endpoint\", \"source\": {\"advisory\": \"GHSA-cvwj-6c9h-jg6v\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 9.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"parse-community\", \"product\": \"parse-dashboard\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 7.3.0-alpha.42, \u003c 9.0.0-alpha.8\"}]}], \"references\": [{\"url\": \"https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-cvwj-6c9h-jg6v\", \"name\": \"https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-cvwj-6c9h-jg6v\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8\", \"name\": \"https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) does not enforce authorization. Authenticated users scoped to specific apps can access any other app\u0027s agent endpoint by changing the app ID in the URL. Read-only users are given the full master key instead of the read-only master key and can supply write permissions in the request body to perform write and delete operations. Only dashboards with `agent` configuration enabled are affected. The fix in version 9.0.0-alpha.8 adds per-app authorization checks and restricts read-only users to the `readOnlyMasterKey` with write permissions stripped server-side. As a workaround, remove the `agent` configuration block from your dashboard configuration. Dashboards without an `agent` config are not affected.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862: Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-25T02:16:30.622Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-27608\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-25T18:58:39.218Z\", \"dateReserved\": \"2026-02-20T19:43:14.602Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-25T02:16:30.622Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.