CVE-2026-32248 | parse-community parse-server up to 8.6.37/9.6.0-alpha.11 data query logic injection (GHSA-5fw2-8jcv-xh87)

A vulnerability categorized as critical has been discovered in parse-community parse-server up to 8.6.37/9.6.0-alpha.11. This issue affects some unknown processing. Such manipulation leads to improper neutralization of special elements in data query logic.

This vulnerability is referenced as CVE-2026-32248. It is possible to launch the attack remotely. No exploit is available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More