📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global vulnerability Technology/Software MEDIUM 16h Global malware Multiple sectors (general) HIGH 18h Global apt Government CRITICAL 22h Global apt Critical Infrastructure / Nuclear Energy CRITICAL 23h Global vulnerability Critical Infrastructure, Government, Enterprise HIGH 1d Global ransomware Home Security and Consumer Services HIGH 1d Global malware Network Infrastructure / Telecommunications CRITICAL 1d Global general Software / IT Operations LOW 1d Global extortion Retail and Hospitality HIGH 1d Global phishing Technology/Enterprise Security MEDIUM 1d Global vulnerability Technology/Software MEDIUM 16h Global malware Multiple sectors (general) HIGH 18h Global apt Government CRITICAL 22h Global apt Critical Infrastructure / Nuclear Energy CRITICAL 23h Global vulnerability Critical Infrastructure, Government, Enterprise HIGH 1d Global ransomware Home Security and Consumer Services HIGH 1d Global malware Network Infrastructure / Telecommunications CRITICAL 1d Global general Software / IT Operations LOW 1d Global extortion Retail and Hospitality HIGH 1d Global phishing Technology/Enterprise Security MEDIUM 1d Global vulnerability Technology/Software MEDIUM 16h Global malware Multiple sectors (general) HIGH 18h Global apt Government CRITICAL 22h Global apt Critical Infrastructure / Nuclear Energy CRITICAL 23h Global vulnerability Critical Infrastructure, Government, Enterprise HIGH 1d Global ransomware Home Security and Consumer Services HIGH 1d Global malware Network Infrastructure / Telecommunications CRITICAL 1d Global general Software / IT Operations LOW 1d Global extortion Retail and Hospitality HIGH 1d Global phishing Technology/Enterprise Security MEDIUM 1d
Vulnerabilities

CVE-2026-33538

High
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of ser
CWE-400 — Weakness Type
Published: Mar 24, 2026  ·  Modified: Mar 30, 2026  ·  Source: NVD
CVSS v3
7.5
🔗 NVD Official
📄 Description (English)

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server executes a database query for each unconfigured provider before rejecting the request, and since no database index exists for unconfigured providers, each request triggers a full collection scan on the user database. This can be parallelized to saturate database resources. This issue has been patched in versions 8.6.58 and 9.6.0-alpha.52.

🤖

Queued for AI Analysis

This CVE will be auto-analyzed on the next cron run.

📦 Affected Products / CPE 50 entries
parseplatform:parse-server
parseplatform:parse-server
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
parseplatform:parse-server:9.6.0
📊 CVSS Score
7.5
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack VectorN — None / Network
Attack ComplexityL — Low / Local
Privileges RequiredN — None / Network
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityN — None / Network
IntegrityN — None / Network
AvailabilityH — High
📋 Quick Facts
Severity High
CVSS Score7.5
CWECWE-400
Exploit No
Patch ✓ Yes
Published 2026-03-24
Source Feed nvd
Views 4
🏷️ Tags
patch-available CWE-400
🏢 Vendor Advisories
🔗 https://github.com/parse-community/parse-server/secu...
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.