9.1
CVE-2026-33409
- EPSS 0.05%
- Veröffentlicht 24.03.2026 18:11:36
- Zuletzt bearbeitet 25.03.2026 21:25:29
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.52 and 9.6.0-alpha.41, an authentication bypass vulnerability allows an attacker to log in as any user who has linked a third-party authentication provider, without knowing the user's credentials. The attacker only needs to know the user's provider ID to gain full access to their account, including a valid session token. This affects Parse Server deployments where the server option allowExpiredAuthDataToken is set to true. The default value is false. This issue has been patched in versions 8.6.52 and 9.6.0-alpha.41.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Parseplatform ≫ Parse-server SwPlatformnode.js Version < 8.6.52
Parseplatform ≫ Parse-server SwPlatformnode.js Version >= 9.0.0 < 9.6.0
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha1 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha10 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha11 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha12 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha13 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha14 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha15 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha16 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha17 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha18 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha19 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha2 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha20 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha21 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha22 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha23 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha24 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha25 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha26 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha27 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha28 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha29 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha3 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha30 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha31 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha32 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha33 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha34 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha35 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha36 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha37 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha38 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha39 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha4 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha40 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha5 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha6 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha7 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha8 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha9 SwPlatformnode.js
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.163 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| security-advisories@github.com | 7 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.