CVE-2026-27595: Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha
Summary
Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 have security vulnerabilities in the AI Agent API endpoint that allow unauthenticated attackers to read from and write to any connected database using the master key (a special admin credential that grants full access). The agent feature must be enabled for a dashboard to be vulnerable, so dashboards without it are safe.
Solution / Mitigation
Upgrade to version 9.0.0-alpha.8 or later, which adds authentication, CSRF validation (protection against forged requests), and per-app authorization middleware to the agent endpoint. Alternatively, remove or comment out the agent configuration block from your Parse Dashboard configuration file as a temporary workaround.
Vulnerability Details
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-27595
First tracked: February 24, 2026 at 11:07 PM
Classified by LLM (prompt v3) · confidence: 75%