CVE-2026-33624 in parse-community parse-serverИнформация

Сводка (Английский)

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.60 and 9.6.0-alpha.54, an attacker who obtains a user's password and a single MFA recovery code can reuse that recovery code an unlimited number of times by sending concurrent login requests. This defeats the single-use design of recovery codes. The attack requires the user's password, a valid recovery code, and the ability to send concurrent requests within milliseconds. This issue has been patched in versions 8.6.60 and 9.6.0-alpha.54.

Ответственный

GitHub_M

Резервировать

23.03.2026

Раскрытие

24.03.2026

Записи

VulDB provides additional information and datapoints for this CVE:

ИД	Уязвимость	CWE	Экс	Кон	CVE
352842	parse-community parse-server состояние гонки	367	Не определено	Официальное исправление	CVE-2026-33624

Описание

CPE

CWE

CVSS

Эксплойты

История

Разница

Связать

Разведка угроз

API JSON

API XML

API CSV

◂ ПредыдущийОбзорДалее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!