CVE-2026-32742 | parse-community parse-server up to 8.6.41/9.6.0-alpha.16 Session Creation Endpoint dynamically-determined object attributes (GHSA-5v7g-9h8f-8pgg)

Inserito da Angelo Barbosa | Mar 19, 2026 | CVE

A vulnerability was found in parse-community parse-server up to 8.6.41/9.6.0-alpha.16 and classified as problematic. This affects an unknown part of the component Session Creation Endpoint. Executing a manipulation can lead to dynamically-determined object attributes.

This vulnerability appears as CVE-2026-32742. The attack may be performed from remote. There is no available exploit.

It is suggested to upgrade the affected component.

CVE-2026-32742 | parse-community parse-server up to 8.6.41/9.6.0-alpha.16 Session Creation Endpoint dynamically-determined object attributes (GHSA-5v7g-9h8f-8pgg)

Post correlati

CVE-2024-0645 | explorerplusplus Explorer++.exe 1.3.5.531 Filename memory corruption

CVE-2025-10496 | Christoph Rado Cookie Notice & Consent Plugin up to 1.6.5 on WordPress uuid cross site scripting

CVE-2025-52923 | Sangfor aTrust 2.4.10 ExecStartPre Command permission assignment (EUVD-2025-18829)

CVE-2025-62978 | KiotViet Sync Plugin up to 1.8.5 on WordPress authorization