CVE-2026-27609: Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha
Summary
Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 have a CSRF vulnerability (cross-site request forgery, where an attacker tricks a logged-in user into unknowingly sending requests to a website). An attacker can create a malicious webpage that, when visited by someone authenticated to Parse Dashboard, forces their browser to send unwanted requests to the AI Agent API endpoint without their knowledge. This vulnerability is fixed in version 9.0.0-alpha.8 and later.
Solution / Mitigation
Update to version 9.0.0-alpha.8 or later, which adds CSRF middleware (code that checks requests are legitimate) to the agent endpoint and embeds a CSRF token (a secret code) in the dashboard page. Alternatively, remove the `agent` configuration block from your dashboard configuration file as a temporary workaround.
Vulnerability Details
EPSS: 0.0%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-27609
First tracked: February 24, 2026 at 11:07 PM
Classified by LLM (prompt v3) · confidence: 75%