CVE-2026-34215 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the verify p…
High CVSS: 8.2

CVE-2026-34215

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacker who knows a user's password can extract the MFA secret to generate valid MFA codes, defeating multi-factor authentication protection. This issue has been patched in versions 8.6.63 and 9.7.0-alpha.7.
Vendor
Parseplatform
Product
Parse-server
CWE
CWE-200
Yayın Tarihi
2026-03-31 20:16:29
Güncelleme
2026-04-03 17:16:43
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-200 Parse-server HIGH Parseplatform 2026

Referanslar

https://github.com/parse-community/parse-server/commit/770be8647424d92f5425c41fa81065ffbbb171ed https://github.com/parse-community/parse-server/commit/a1d4e7b12a12f16d3870dbee582a36765858e94c https://github.com/parse-community/parse-server/pull/10323 https://github.com/parse-community/parse-server/pull/10324 https://github.com/parse-community/parse-server/security/advisories/GHSA-wp76-gg32-8258