CVE-2026-32886 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.24 and 8.6.47, remote clients can c…
High CVSS: 8.2

CVE-2026-32886

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.24 and 8.6.47, remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted function name that traverses the JavaScript prototype chain of a registered cloud function handler, causing a stack overflow. The fix in versions 9.6.0-alpha.24 and 8.6.47 restricts property lookups during cloud function name resolution to own properties only, preventing prototype chain traversal from stored function handlers. There is no known workaround.
Vendor
Parseplatform
Product
Parse-server
CWE
CWE-1321
Yayın Tarihi
2026-03-18 22:16:25
Güncelleme
2026-03-19 17:21:45
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-1321 Parse-server HIGH Parseplatform 2026

Referanslar

https://github.com/parse-community/parse-server/pull/10210 https://github.com/parse-community/parse-server/pull/10211 https://github.com/parse-community/parse-server/security/advisories/GHSA-4263-jgmp-7pf4