CVE-2026-33323

EPSS 0.04%
Veröffentlicht 24.03.2026 18:06:32
Zuletzt bearbeitet 25.03.2026 21:25:47
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.51 and 9.6.0-alpha.40, the Pages route and legacy PublicAPI route for resending email verification links return distinguishable responses depending on whether the provided username exists and has an unverified email. This allows an unauthenticated attacker to enumerate valid usernames by observing different redirect targets. The existing emailVerifySuccessOnInvalidEmail configuration option, which is enabled by default and protects the API route against this, did not apply to these routes. This issue has been patched in versions 8.6.51 and 9.6.0-alpha.40.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Parseplatform ≫ Parse-server SwPlatformnode.js Version < 8.6.51

Parseplatform ≫ Parse-server SwPlatformnode.js Version >= 9.0.0 < 9.6.0

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha1 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha10 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha11 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha12 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha13 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha14 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha15 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha16 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha17 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha18 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha19 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha2 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha20 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha21 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha22 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha23 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha24 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha25 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha26 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha27 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha28 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha29 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha3 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha30 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha31 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha32 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha33 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha34 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha35 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha36 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha37 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha38 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha39 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha4 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha5 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha6 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha7 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha8 SwPlatformnode.js

Parseplatform ≫ Parse-server Version9.6.0 Updatealpha9 SwPlatformnode.js

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.136

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com	6.3	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-204 Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

https://github.com/parse-community/parse-server/security/advisories/GHSA-h29g-q5c2-9h4f

Vendor Advisory

https://github.com/parse-community/parse-server/pull/10238

Issue Tracking

https://github.com/parse-community/parse-server/pull/10243

Issue Tracking

https://github.com/parse-community/parse-server/commit/967aa57732202009b2389ce9ecb3130d53d657e5

Patch

https://github.com/parse-community/parse-server/commit/fbda4cb0c5cbc8fad08a216823b6b64d4ae289c3

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-33323

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33323

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33323

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33323