Vulnerability-Lookup

FKIE_CVE-2026-27595

Vulnerability from fkie_nvd - Published: 2026-02-25 03:16 - Updated: 2026-02-27 19:18

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (POST `/apps/:appId/agent`) has multiple security vulnerabilities that, when chained, allow unauthenticated remote attackers to perform arbitrary read and write operations against any connected Parse Server database using the master key. The agent feature is opt-in; dashboards without an agent config are not affected. The fix in version 9.0.0-alpha.8 adds authentication, CSRF validation, and per-app authorization middleware to the agent endpoint. Read-only users are restricted to the `readOnlyMasterKey` with write permissions stripped server-side. A cache key collision between master key and read-only master key was also corrected. As a workaround, remove or comment out the agent configuration block from your Parse Dashboard configuration.

References

	URL	Tags
	security-advisories@github.com	https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8	Release Notes
	security-advisories@github.com	https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-qwc3-h9mg-4582	Vendor Advisory

Impacted products

Vendor	Product	Version
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.3.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.4.0
parseplatform	parse_dashboard	7.5.0
parseplatform	parse_dashboard	7.5.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	7.6.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.0.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.0
parseplatform	parse_dashboard	8.1.1
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.2.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.3.0
parseplatform	parse_dashboard	8.4.0
parseplatform	parse_dashboard	8.4.1
parseplatform	parse_dashboard	8.4.1
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	8.5.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0
parseplatform	parse_dashboard	9.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.42:*:*:*:node.js:*:*",
              "matchCriteriaId": "D4744D8A-C870-492A-AD66-D6CB083CD7A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.43:*:*:*:node.js:*:*",
              "matchCriteriaId": "23F5E70B-99F7-46FE-A13B-D2B9B9BFDF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.44:*:*:*:node.js:*:*",
              "matchCriteriaId": "6F3FE9CD-0F0B-4AB8-BB42-04B23C1DEF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "1F87B033-9ADD-4DBB-BC6C-A3EBE7502CF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "F5263840-349D-42E1-BAB1-AB6826B588B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "640870FE-F70F-401D-A749-3CD0EF66A436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "64F0B732-1E46-4B86-BDC0-4F1025989DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.3.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "3427EA35-6D06-4D44-B4E0-63F36908D506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "87F8BED8-AA0B-4BB4-817A-ECF3581DB66B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "306508B1-2E2A-4A76-A67C-1F8A15D5EC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "AA055428-E398-4766-9C08-66D2113CE7EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "9CC5FAB0-7046-40B0-842D-138BD8CC8B28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.4.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "AF1A1FFC-9FE6-4596-9377-8A410517748D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "638E5B8B-F2F1-47AC-AD0D-7AD7835CB6CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.5.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "8AC5C34F-1B61-4A65-811E-5CC7DBFF4FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "F95EFF10-2977-4330-B2AB-9E0A1038AB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "8A3B3D71-CD51-41C4-A756-F741FC9A17AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "46A42216-C604-4CFF-A7D5-0E2EBB253F70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "233F7D1F-C707-45D6-BF37-EF196A1CA655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "27EBFA6E-9582-49F4-A62D-B9B39F873D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "4D211D67-C766-4FE0-A050-688DCC4E4137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "CC066843-6A98-4B8B-B679-D8A229D0F1CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "35336E10-BC3C-4B0E-9AF0-66B44A7EEF53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "19F7A05A-4E95-4637-B4E9-23CB9A4C2E24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "9D5A6432-BA21-4AE7-A6D3-5B711B961B2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "28C73478-4D60-48A2-8A43-9005B222792C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "F01C2CA5-BB6D-465F-9B3E-D9DCC04DAF53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:7.6.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "EAF9B9F4-B53F-4A07-B99D-C61FEDD09C3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "799C425B-06A3-4E3E-AC7F-67B7DE9974B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "635D4195-A97E-4536-9C69-C5E3EC3D206C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "76266618-3291-42B8-ABF9-3161C9A2A335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "798C040F-8F99-4460-B37D-335DF063442B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "B7C33A71-E752-43D4-A164-740750ABD096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.0.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "F580DE3E-263A-4503-8B06-08C5FF1AC4A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "E4B5D579-9F10-4EE2-975C-760D7945C781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "F2B34014-7733-4630-9AEA-85433E95F9D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "10BBA4C5-F9BB-4D5A-A1BE-EC99FFEA2D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "C14764E6-2751-4507-8FBF-ABBB95B73C49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "EA5558A0-D654-47AF-A661-21B15CC5374D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "ACD4CD5D-B16D-4C15-8055-A6EE5C96F389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "77E011B6-E73B-4CD7-AED3-E8F293907769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "DF030EED-A04A-4294-89BE-D67981373CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "5C610597-192B-436C-B773-3578EE1135EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "596F09DA-7A82-4A49-BA5F-A3457D5D1895",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "AC8D2A19-26A2-43EA-874D-0AECECF38F0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "61E484CB-FE4E-446A-9E4A-7D7FBB90D5A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "EEFB299E-5AE8-4BC7-AE41-9861C3C6E5D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.1.1:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "F2BAFB77-61AB-4590-91A5-E6006CCFD60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "250C3970-411A-45CA-A0F1-3336979795D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "DE488750-1330-43A2-97DE-3D3BF1E808EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "E95F30F2-0AC8-4A22-AA66-DB80325EBA75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "AE191589-6E7C-4634-A9D8-1B1E7F8343DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "860229EC-16ED-439A-A34E-5D3F85FFDCC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.14:*:*:*:node.js:*:*",
              "matchCriteriaId": "E4F3001C-E518-479B-8A57-E34FFFAA4FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.15:*:*:*:node.js:*:*",
              "matchCriteriaId": "A73F6299-1A0C-4A73-89C8-48885E11F65C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.16:*:*:*:node.js:*:*",
              "matchCriteriaId": "C71D6779-24D2-4AF0-BEF1-FE99BC95BB26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.17:*:*:*:node.js:*:*",
              "matchCriteriaId": "EC64EC9A-F109-4BBE-935A-CFD7DC8DB2C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.18:*:*:*:node.js:*:*",
              "matchCriteriaId": "6F2CDBCA-5552-42BE-8DC8-4741679971D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.19:*:*:*:node.js:*:*",
              "matchCriteriaId": "80D51A30-78E8-40DE-809D-9FF619A23158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "C1791CCB-E96B-465C-B57B-C7B97A437642",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.20:*:*:*:node.js:*:*",
              "matchCriteriaId": "DA617937-2E8B-4955-BD27-65C3CC4013B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.21:*:*:*:node.js:*:*",
              "matchCriteriaId": "1307D569-70FD-4253-A14C-29F3CDA35EF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.22:*:*:*:node.js:*:*",
              "matchCriteriaId": "DFA69B19-9A2C-40F9-88F4-B43389B6A56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.23:*:*:*:node.js:*:*",
              "matchCriteriaId": "FBC724FF-FDE9-440B-8CC2-AF210114CF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.24:*:*:*:node.js:*:*",
              "matchCriteriaId": "BA0E1A98-C42C-43BC-B409-25F033677BEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.25:*:*:*:node.js:*:*",
              "matchCriteriaId": "1133B673-D917-4919-9F6B-A11E9C86BCAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.26:*:*:*:node.js:*:*",
              "matchCriteriaId": "EC9747A1-F2E5-4973-B56C-B6E0A42024BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.27:*:*:*:node.js:*:*",
              "matchCriteriaId": "91951F15-C571-42C1-897A-B3D3C2B70A51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "1292ACFD-4CA4-4F7E-B7DB-8B3CA85C5B84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "2C6E2816-60F8-4297-B3C7-3EFA2C3BDD1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "2A7E1989-6E7F-4700-B779-7E39CB695E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "EC4E8293-59A7-4F47-B2F5-2F950B93E16A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "BBA14C23-4DBF-47C8-8FB3-9233C54247BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "DE07DB4E-85AB-4495-B81D-2478E1CD0FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.2.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "F4260AB5-24D7-4D6C-B55F-3129BDDBEF8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "7A4300AF-10D6-4E09-B6DF-B28144F8E024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.10:*:*:*:node.js:*:*",
              "matchCriteriaId": "C11B2FEB-7617-49DA-AB18-CA2F37367480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.11:*:*:*:node.js:*:*",
              "matchCriteriaId": "B606D916-B540-465A-946B-2FEBF2850916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.12:*:*:*:node.js:*:*",
              "matchCriteriaId": "FCE2860A-1826-4A8B-A66F-D11733F9103D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.13:*:*:*:node.js:*:*",
              "matchCriteriaId": "E84297DB-5816-4FA5-8696-204CAF1BEF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.14:*:*:*:node.js:*:*",
              "matchCriteriaId": "C9219C64-059A-4A3E-8836-AAD56D40CEEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.15:*:*:*:node.js:*:*",
              "matchCriteriaId": "57353E36-EFA9-402B-AFF5-AFADACCEE6E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.16:*:*:*:node.js:*:*",
              "matchCriteriaId": "57CFDD8F-7705-43EC-938C-100A750BF6A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.17:*:*:*:node.js:*:*",
              "matchCriteriaId": "9330CE70-6112-4194-81FF-B58A073447EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.18:*:*:*:node.js:*:*",
              "matchCriteriaId": "D6EC7E97-76CE-4749-BDF9-409C3C5D5836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.19:*:*:*:node.js:*:*",
              "matchCriteriaId": "A555D06A-B5B1-4ADB-B920-F7509691DC07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "7EA2C3DD-9ADE-4089-A358-7866A460BB62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.20:*:*:*:node.js:*:*",
              "matchCriteriaId": "2E197079-35B1-4896-9A6D-29FF88C95338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.21:*:*:*:node.js:*:*",
              "matchCriteriaId": "E6AA3ECC-E3FA-49AF-916F-37691A3BD04A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.22:*:*:*:node.js:*:*",
              "matchCriteriaId": "5D54DA67-239B-4340-85ED-9BD93D19A83A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.23:*:*:*:node.js:*:*",
              "matchCriteriaId": "5381B696-F48C-4763-BF8B-B10CF0134473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.24:*:*:*:node.js:*:*",
              "matchCriteriaId": "9A10EB23-2504-4D98-8D1E-3398D9A386AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.25:*:*:*:node.js:*:*",
              "matchCriteriaId": "88C6CCC3-FA1C-4CA5-896D-0ECFE1C5F3A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.26:*:*:*:node.js:*:*",
              "matchCriteriaId": "D5107B7E-0270-44EA-97AD-E186A83FC0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.27:*:*:*:node.js:*:*",
              "matchCriteriaId": "530AE8D8-8D69-4F38-A8A9-78BB6FFEF18E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.28:*:*:*:node.js:*:*",
              "matchCriteriaId": "D1DC1670-DB4B-4B2E-9B86-51B5C143C199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.29:*:*:*:node.js:*:*",
              "matchCriteriaId": "F1877E4D-26D2-4904-8053-D3C4A2A12C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "60F9E180-C44C-4C7A-B05C-1D188061DA73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.30:*:*:*:node.js:*:*",
              "matchCriteriaId": "0020AAB4-42B4-4FDA-8980-3BB478B0D933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.31:*:*:*:node.js:*:*",
              "matchCriteriaId": "35EB35EF-46C4-4A75-B8E6-7C29C776D5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.32:*:*:*:node.js:*:*",
              "matchCriteriaId": "6C59AEF9-1C8C-41C0-8786-55CB41AA1829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.33:*:*:*:node.js:*:*",
              "matchCriteriaId": "6EA1686D-E53A-4C35-8743-09FF7F2C6795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.34:*:*:*:node.js:*:*",
              "matchCriteriaId": "0897894F-2D60-4E27-827C-ACBA6E30FABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.35:*:*:*:node.js:*:*",
              "matchCriteriaId": "2FB28994-3EB1-4857-B2F1-6210D61A61D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.36:*:*:*:node.js:*:*",
              "matchCriteriaId": "137F6EAA-831A-42C0-B003-FB4F583D7279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.37:*:*:*:node.js:*:*",
              "matchCriteriaId": "E41A87FE-1651-4A7A-8E32-2B20D69F5593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.38:*:*:*:node.js:*:*",
              "matchCriteriaId": "D791B7C0-E3E7-4BE4-A691-8398263CC901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.39:*:*:*:node.js:*:*",
              "matchCriteriaId": "177C31B7-05D9-4690-897A-2FDBC406AB0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "8FD4CC16-C0F6-4C05-970D-B54E84A8C7FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.40:*:*:*:node.js:*:*",
              "matchCriteriaId": "2F1B8B29-DFAD-4634-AC12-C1DFF2FBA5C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.41:*:*:*:node.js:*:*",
              "matchCriteriaId": "57FB28C9-5DE8-4D09-9BDE-FFFBD7516F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.42:*:*:*:node.js:*:*",
              "matchCriteriaId": "8589D874-D29D-4583-A1DA-59D8F39027A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.43:*:*:*:node.js:*:*",
              "matchCriteriaId": "13A8384B-B775-41C9-96F5-20186B6D82BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "2948F800-5515-4729-A82D-2DACA81BA2DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "1A253A5D-C7DB-4B64-A77A-D03FEFBDC8BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "1DECD32E-1F70-4AA0-9AA7-8E25CDC611C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.8:*:*:*:node.js:*:*",
              "matchCriteriaId": "7D1B3EF0-F7E5-46E4-8741-B234A4389137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.3.0:alpha.9:*:*:*:node.js:*:*",
              "matchCriteriaId": "C694360B-3347-4F9F-A621-080C0EAC4DAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.4.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "49AA820D-E082-47D2-803D-6B54476C0203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "85F7BCC9-C07E-41ED-B172-2FBE6EC25281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.4.1:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "5148D58F-AB4C-46F0-8BD0-0F67E908D268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "487A1716-0D40-44A0-9F38-5FE7CA8EB7BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "52BF57A4-CA0D-4573-AD58-6E2572A7F6C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "31B0DA15-56F5-4CAF-B143-BFCF15B9FC8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "42263CAA-72DA-4B09-81B7-6E25DDF9FF85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "A72FAF71-B360-4CAD-8369-22FA7203059E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "3A15C600-A7E7-43BA-85A5-33EF4A580BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:8.5.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "E0FF7351-1107-4C32-A33B-A72929B8B08A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.1:*:*:*:node.js:*:*",
              "matchCriteriaId": "BC47F04B-0CAB-4F59-AD13-098E01F33ABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.2:*:*:*:node.js:*:*",
              "matchCriteriaId": "8A0BEBE6-165D-4E02-84FB-0CE15101B7E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.3:*:*:*:node.js:*:*",
              "matchCriteriaId": "E50D6B9B-1480-4FFC-A5E1-0AC266B5505D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.4:*:*:*:node.js:*:*",
              "matchCriteriaId": "63696822-C9C4-4094-B2A6-CD3026748EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.5:*:*:*:node.js:*:*",
              "matchCriteriaId": "2694A32A-009C-4189-849B-2388D53B0276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.6:*:*:*:node.js:*:*",
              "matchCriteriaId": "FDF833EE-1D53-49EE-8FE5-2D8E56F66AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:parseplatform:parse_dashboard:9.0.0:alpha.7:*:*:*:node.js:*:*",
              "matchCriteriaId": "2458B177-3461-425A-89AA-13866FE27028",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (POST `/apps/:appId/agent`) has multiple security vulnerabilities that, when chained, allow unauthenticated remote attackers to perform arbitrary read and write operations against any connected Parse Server database using the master key. The agent feature is opt-in; dashboards without an agent config are not affected. The fix in version 9.0.0-alpha.8 adds authentication, CSRF validation, and per-app authorization middleware to the agent endpoint. Read-only users are restricted to the `readOnlyMasterKey` with write permissions stripped server-side. A cache key collision between master key and read-only master key was also corrected. As a workaround, remove or comment out the agent configuration block from your Parse Dashboard configuration."
    }
  ],
  "id": "CVE-2026-27595",
  "lastModified": "2026-02-27T19:18:14.857",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-25T03:16:04.437",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-qwc3-h9mg-4582"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

CVE-2026-27595 (GCVE-0-2026-27595)

Vulnerability from cvelistv5 – Published: 2026-02-25 02:21 – Updated: 2026-02-27 17:14

Title

Parse Dashboard has incomplete authentication on AI Agent endpoint

Summary

Severity ?

9.9 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	parse-community	parse-dashboard	Affected: >= 7.3.0-alpha.42, < 9.0.0-alpha.8

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2026-27595

CVE-2026-27595 (GCVE-0-2026-27595)

Tags

Sightings

Nomenclature