PT-2026-58926 · Bitnami · Parse

Published

2026-07-14

·

Updated

2026-07-14

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1 and 8.6.83, a LiveQuery subscriber could receive object field values they were not authorized to read when a single save changed both an object field and the subscriber's ACL read access, because leave and enter events included the wrong object state. This issue is fixed in versions 9.9.1 and 8.6.83.
Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

BIT-PARSE-2026-57481

Affected Products

Parse