CVE-2026-30941 | parse-community parse-server up to 8.6.13/9.5.1 token data query logic injection (GHSA-vgjh-hmwf-c588)

A vulnerability has been found in parse-community parse-server up to 8.6.13/9.5.1 and classified as problematic. The affected element is an unknown function. This manipulation of the argument token causes improper neutralization of special elements in data query logic.

The identification of this vulnerability is CVE-2026-30941. It is possible to initiate the attack remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More