CVE-2026-53724 | parse-community parse-server up to 8.6.78/9.9.1-alpha.3 Default File Upload Extension unrestricted upload (GHSA-7wqv-xjf3-x35v / EUVD-2026-36539)

A vulnerability was found in parse-community parse-server up to 8.6.78/9.9.1-alpha.3. It has been declared as critical. Affected by this issue is some unknown functionality of the component Default File Upload Extension. Such manipulation leads to unrestricted upload.

This vulnerability is uniquely identified as CVE-2026-53724. The attack can be launched remotely. No exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More