CVE-2026-33421 | parse-community parse-server up to 8.6.52/9.6.0-alpha.41 LiveQuery WebSocket Interface authorization (GHSA-fph2-r4qg-9576)

Inserito da Angelo Barbosa | Mar 24, 2026 | CVE

A vulnerability was found in parse-community parse-server up to 8.6.52/9.6.0-alpha.41. It has been declared as problematic. Affected by this issue is some unknown functionality of the component LiveQuery WebSocket Interface. The manipulation results in incorrect authorization.

This vulnerability was named CVE-2026-33421. The attack may be performed from remote. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2026-33421 | parse-community parse-server up to 8.6.52/9.6.0-alpha.41 LiveQuery WebSocket Interface authorization (GHSA-fph2-r4qg-9576)

Post correlati

CVE-2025-8268 | AI Engine Plugin up to 2.9.5 on WordPress rest_list/delete_files authorization

CVE-2025-0484 | Fanli2012 native-php-cms 1.0 Backend sysconfig_doedit.php improper authorization

CVE-2026-33419 | MinIO up to 0.0.0-20260212201848-7aac2a2c5b7c Security Token Service AccessKeyId/SecretAccessKey/SessionToken information exposure (GHSA-jv87-32hw-hh99)

CVE-2024-43403 | kanisterio kanister up to 0.110.0 create/patch/udpate privileges management (GHSA-h27c-6xm3-mcqp)