CVE-2026-30965 | parse-community parse-server up to 8.6.20/9.0.0 9.5.2-alpha.7 Query Parameter redirectClassNameForKey authorization (GHSA-6r2j-cxgf-495f)

A vulnerability labeled as critical has been found in parse-community parse-server up to 8.6.20/9.0.0 9.5.2-alpha.7. Impacted is the function redirectClassNameForKey of the component Query Parameter Handler. Such manipulation leads to incorrect authorization.

This vulnerability is traded as CVE-2026-30965. The attack may be launched remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More