CVE-2026-34215 in parse-server
Summary (English)
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.63 and 9.7.0-alpha.7, the verify password endpoint returns unsanitized authentication data, including MFA TOTP secrets, recovery codes, and OAuth access tokens. An attacker who knows a user's password can extract the MFA secret to generate valid MFA codes, defeating multi-factor authentication protection. This issue has been patched in versions 8.6.63 and 9.7.0-alpha.7.
Responsible
GitHub_M
Reserved
26.03.2026
Disclosure
31.03.2026
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 354496 | parse-community parse-server Verify Password information disclosure | 200 | Not defined | Official fix | CVE-2026-34215 |