CVE-2026-55778 in Parse Serverالمعلومات

الملخص

بحسب MITRE • 09/07/2026

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.11 and 8.6.81, the default fileUpload.fileExtensions blocklist could be bypassed by uploading a file with a non-standard or compound extension and dangerous content type, allowing storage adapters such as S3 and GCS to serve attacker-supplied active content and enable stored cross-site scripting. This issue is fixed in versions 9.9.1-alpha.11 and 8.6.81.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

مسؤول

GitHub M

حجز

17/06/2026

إفشاء

09/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-377095

EPSS

0.00406

KEV

لا

النشاطات

منخفض جدًا

المصادر

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!