{"data":{"id":"4405a026-417b-485f-b71d-cbb40f1a4424","title":"CVE-2026-47138: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version","summary":"Parse Server, an open source backend framework that runs on Node.js, has a vulnerability where attackers can send specially crafted HTTP requests that cause the server to spend seconds or minutes processing a single request before checking user permissions or rate limits. An attacker only needs to know the application's public ID and can overload the server by sending a few concurrent requests or one large request, making it slow or unresponsive for legitimate users.","solution":"Update Parse Server to version 8.6.77 or 9.9.1-alpha.1 or later, as this issue has been patched in these versions.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-47138","publishedAt":"2026-06-12T19:16:28.257Z","cveId":"CVE-2026-47138","cweIds":["CWE-1333"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Parse Server"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00157,"patchAvailable":null,"disclosureDate":"2026-06-12T19:16:28.257Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}