Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-27610
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-25 Feb, 2026 | 02:19
Updated At-27 Feb, 2026 | 17:24
Rejected At-
▼CVE Numbering Authority (CNA)
Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the `ConfigKeyCache` uses the same cache key for both master key and read-only master key when resolving function-typed keys. Under specific timing conditions, a read-only user can receive the cached full master key, or a regular user can receive the cached read-only master key. The fix in version 9.0.0-alpha.8 uses distinct cache keys for master key and read-only master key. As a workaround, avoid using function-typed master keys, or remove the `agent` configuration block from your dashboard configuration.

Affected Products
Vendor
parse-community
Product
parse-dashboard
Versions
Affected
  • >= 7.3.0-alpha.42, < 9.0.0-alpha.8
Problem Types
TypeCWE IDDescription
CWECWE-1289CWE-1289: Improper Validation of Unsafe Equivalence in Input
Type: CWE
CWE ID: CWE-1289
Description: CWE-1289: Improper Validation of Unsafe Equivalence in Input
Metrics
VersionBase scoreBase severityVector
4.07.0HIGH
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
Version: 4.0
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-jhp4-jvq3-w5xr
x_refsource_CONFIRM
https://github.com/parse-community/parse-dashboard/commit/f92a9ef5246d57e51696bd881a15f3b133b2bb50
x_refsource_MISC
https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8
x_refsource_MISC
Hyperlink: https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-jhp4-jvq3-w5xr
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/parse-community/parse-dashboard/commit/f92a9ef5246d57e51696bd881a15f3b133b2bb50
Resource:
x_refsource_MISC
Hyperlink: https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found