PT-2026-24424 · Unknown · Parse Server
Mtrezza · Published 2026-03-10 · Updated 2026-03-12 · CVE-2026-30946
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Parse Server versions prior to 9.5.2-alpha.2
Parse Server versions prior to 8.6.15
Description
Parse Server, an open-source backend deployable on Node.js infrastructures, is susceptible to resource exhaustion. An unauthenticated attacker can exploit the lack of complexity limits in the REST and GraphQL APIs to consume server resources such as CPU, memory, and database connections through crafted queries. All deployments utilizing the REST or GraphQL API are potentially affected.
Recommendations
Update to Parse Server version 9.5.2-alpha.2 or later.
Update to Parse Server version 8.6.15 or later.
Exploit
Fix
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
Parse Server