Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AC:H captures the dual server-side prerequisites (MFA enabled plus denied _User CLP); PR:N because /verifyPassword accepts plain credentials with no prior authenticated session required.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Blast Radius
ecosystem impact- 1 npm packages depend on parse-server (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 9.8.0.
DescriptionCVE.org
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.5, apps that enable MFA and deny get on the _User class via Class-Level Permissions could expose sensitive user data through the /login and /verifyPassword endpoints. These endpoints re-fetch the user through the access-controlled query pipeline (CLP, protectedFields, auth-adapter sanitizers) before responding. When that re-fetch was denied by the _User get permission, the server fell back to the raw database row, exposing raw authData (including MFA TOTP secrets and recovery codes) and fields hidden by protectedFields (when protectedFieldsOwnerExempt is false). /verifyPassword is the most severe: with only a username and password (no session or MFA token), an attacker who knows a victim's password could retrieve their MFA secret and recovery codes, defeating the second factor. This issue has been patched in version 9.9.1-alpha.5.
AnalysisAI
Parse Server 9.8.0-9.9.0 exposes raw MFA TOTP secrets and recovery codes through the /verifyPassword and /login endpoints when the _User class-level permission (CLP) is configured to deny get operations. An attacker with knowledge of a victim's username and password can call /verifyPassword without a session token or MFA token and receive the victim's plaintext TOTP secret and recovery codes in the response, completely defeating the second authentication factor. No public exploit has been identified at time of analysis; a patch exists in version 9.9.1-alpha.5, and the EPSS score of 0.04% (13th percentile) reflects limited opportunistic exploitation so far.
Technical ContextAI
Parse Server (cpe:2.3:a:parse-community:parse-server) is a Node.js open-source backend that provides user authentication, class-level permissions (CLPs), protectedFields, and multi-factor authentication via TOTP. After credential validation on /login or /verifyPassword, the server re-fetches the _User record through an access-controlled pipeline in src/Routers/UsersRouter.js that enforces CLPs, protectedFields rules, and auth-adapter sanitizers - including replacing raw TOTP material with a safe status flag. CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) describes the root cause: when the _User get CLP denies that re-fetch, instead of returning a sanitized partial record or an error, the server silently fell back to the raw database row, bypassing every sanitization layer. Fields protected by protectedFields are also leaked when protectedFieldsOwnerExempt is set to false. The fix in PR #10492 corrects the fallback behavior in UsersRouter.js so a denied re-fetch no longer returns unsanitized database content.
RemediationAI
Upgrade Parse Server to version 9.9.1-alpha.5 or later, which corrects the fallback behavior in src/Routers/UsersRouter.js (PR #10492: https://github.com/parse-community/parse-server/pull/10492); note that 9.9.1-alpha.5 is a pre-release alpha, so validate stability in staging before production deployment. If immediate upgrade is not feasible, removing the deny-get restriction from the _User CLP allows the re-fetch to succeed and the full sanitization pipeline to run normally, eliminating the unsafe fallback - this trades the CLP access restriction for correct data sanitization, so evaluate whether that CLP was enforcing other data isolation requirements before relaxing it. As a second interim measure, temporarily disabling the MFA feature removes the at-risk TOTP secret fields from authData entirely, at the cost of losing second-factor protection for all users until the patch is applied. No other workaround reliably prevents the raw database row from being returned without one of these two configuration changes.
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36540
GHSA-75v4-m273-5j49