CVE-2026-34224 | parse-community parse-server up to 8.6.63/9.7.0-alpha.7 authData Login Endpoint toctou (GHSA-w73w-g5xw-rwhf)

A vulnerability was found in parse-community parse-server up to 8.6.63/9.7.0-alpha.7. It has been declared as problematic. The impacted element is an unknown function of the component authData Login Endpoint. Such manipulation leads to time-of-check time-of-use.

This vulnerability is documented as CVE-2026-34224. The attack can be executed remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More