CVE-2026-27609

EUVD-2026-8592
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submits requests to the agent endpoint using the victim's session. The fix in version 9.0.0-alpha.8 adds CSRF middleware to the agent endpoint and embeds a CSRF token in the dashboard page. As a workaround, remove the `agent` configuration block from your dashboard configuration. Dashboards without an `agent` config are not affected.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
parseplatformparse_dashboard
7.3.0:alpha42
parseplatformparse_dashboard
7.3.0:alpha43
parseplatformparse_dashboard
7.3.0:alpha44
parseplatformparse_dashboard
7.3.0:alpha5
parseplatformparse_dashboard
7.3.0:alpha6
parseplatformparse_dashboard
7.3.0:alpha7
parseplatformparse_dashboard
7.3.0:alpha8
parseplatformparse_dashboard
7.3.0:alpha9
parseplatformparse_dashboard
7.4.0:alpha1
parseplatformparse_dashboard
7.4.0:alpha2
parseplatformparse_dashboard
7.4.0:alpha3
parseplatformparse_dashboard
7.4.0:alpha4
parseplatformparse_dashboard
7.4.0:alpha5
parseplatformparse_dashboard
7.5.0:alpha1
parseplatformparse_dashboard
7.5.0:alpha2
parseplatformparse_dashboard
7.6.0:alpha1
parseplatformparse_dashboard
7.6.0:alpha10
parseplatformparse_dashboard
7.6.0:alpha11
parseplatformparse_dashboard
7.6.0:alpha12
parseplatformparse_dashboard
7.6.0:alpha13
parseplatformparse_dashboard
7.6.0:alpha2
parseplatformparse_dashboard
7.6.0:alpha3
parseplatformparse_dashboard
7.6.0:alpha4
parseplatformparse_dashboard
7.6.0:alpha5
parseplatformparse_dashboard
7.6.0:alpha6
parseplatformparse_dashboard
7.6.0:alpha7
parseplatformparse_dashboard
7.6.0:alpha8
parseplatformparse_dashboard
7.6.0:alpha9
parseplatformparse_dashboard
8.0.0:alpha1
parseplatformparse_dashboard
8.0.0:alpha2
parseplatformparse_dashboard
8.0.0:alpha3
parseplatformparse_dashboard
8.0.0:alpha4
parseplatformparse_dashboard
8.0.0:alpha5
parseplatformparse_dashboard
8.0.0:alpha6
parseplatformparse_dashboard
8.1.0:alpha1
parseplatformparse_dashboard
8.1.0:alpha10
parseplatformparse_dashboard
8.1.0:alpha11
parseplatformparse_dashboard
8.1.0:alpha12
parseplatformparse_dashboard
8.1.0:alpha13
parseplatformparse_dashboard
8.1.0:alpha2
parseplatformparse_dashboard
8.1.0:alpha3
parseplatformparse_dashboard
8.1.0:alpha4
parseplatformparse_dashboard
8.1.0:alpha5
parseplatformparse_dashboard
8.1.0:alpha6
parseplatformparse_dashboard
8.1.0:alpha7
parseplatformparse_dashboard
8.1.0:alpha8
parseplatformparse_dashboard
8.1.0:alpha9
parseplatformparse_dashboard
8.1.1:alpha1
parseplatformparse_dashboard
8.2.0:alpha1
parseplatformparse_dashboard
8.2.0:alpha10
parseplatformparse_dashboard
8.2.0:alpha11
parseplatformparse_dashboard
8.2.0:alpha12
parseplatformparse_dashboard
8.2.0:alpha13
parseplatformparse_dashboard
8.2.0:alpha14
parseplatformparse_dashboard
8.2.0:alpha15
parseplatformparse_dashboard
8.2.0:alpha16
parseplatformparse_dashboard
8.2.0:alpha17
parseplatformparse_dashboard
8.2.0:alpha18
parseplatformparse_dashboard
8.2.0:alpha19
parseplatformparse_dashboard
8.2.0:alpha2
parseplatformparse_dashboard
8.2.0:alpha20
parseplatformparse_dashboard
8.2.0:alpha21
parseplatformparse_dashboard
8.2.0:alpha22
parseplatformparse_dashboard
8.2.0:alpha23
parseplatformparse_dashboard
8.2.0:alpha24
parseplatformparse_dashboard
8.2.0:alpha25
parseplatformparse_dashboard
8.2.0:alpha26
parseplatformparse_dashboard
8.2.0:alpha27
parseplatformparse_dashboard
8.2.0:alpha3
parseplatformparse_dashboard
8.2.0:alpha4
parseplatformparse_dashboard
8.2.0:alpha5
parseplatformparse_dashboard
8.2.0:alpha6
parseplatformparse_dashboard
8.2.0:alpha7
parseplatformparse_dashboard
8.2.0:alpha8
parseplatformparse_dashboard
8.2.0:alpha9
parseplatformparse_dashboard
8.3.0:alpha1
parseplatformparse_dashboard
8.3.0:alpha10
parseplatformparse_dashboard
8.3.0:alpha11
parseplatformparse_dashboard
8.3.0:alpha12
parseplatformparse_dashboard
8.3.0:alpha13
parseplatformparse_dashboard
8.3.0:alpha14
parseplatformparse_dashboard
8.3.0:alpha15
parseplatformparse_dashboard
8.3.0:alpha16
parseplatformparse_dashboard
8.3.0:alpha17
parseplatformparse_dashboard
8.3.0:alpha18
parseplatformparse_dashboard
8.3.0:alpha19
parseplatformparse_dashboard
8.3.0:alpha2
parseplatformparse_dashboard
8.3.0:alpha20
parseplatformparse_dashboard
8.3.0:alpha21
parseplatformparse_dashboard
8.3.0:alpha22
parseplatformparse_dashboard
8.3.0:alpha23
parseplatformparse_dashboard
8.3.0:alpha24
parseplatformparse_dashboard
8.3.0:alpha25
parseplatformparse_dashboard
8.3.0:alpha26
parseplatformparse_dashboard
8.3.0:alpha27
parseplatformparse_dashboard
8.3.0:alpha28
parseplatformparse_dashboard
8.3.0:alpha29
parseplatformparse_dashboard
8.3.0:alpha3
parseplatformparse_dashboard
8.3.0:alpha30
parseplatformparse_dashboard
8.3.0:alpha31
parseplatformparse_dashboard
8.3.0:alpha32
parseplatformparse_dashboard
8.3.0:alpha33
parseplatformparse_dashboard
8.3.0:alpha34
parseplatformparse_dashboard
8.3.0:alpha35
parseplatformparse_dashboard
8.3.0:alpha36
parseplatformparse_dashboard
8.3.0:alpha37
parseplatformparse_dashboard
8.3.0:alpha38
parseplatformparse_dashboard
8.3.0:alpha39
parseplatformparse_dashboard
8.3.0:alpha4
parseplatformparse_dashboard
8.3.0:alpha40
parseplatformparse_dashboard
8.3.0:alpha41
parseplatformparse_dashboard
8.3.0:alpha42
parseplatformparse_dashboard
8.3.0:alpha43
parseplatformparse_dashboard
8.3.0:alpha5
parseplatformparse_dashboard
8.3.0:alpha6
parseplatformparse_dashboard
8.3.0:alpha7
parseplatformparse_dashboard
8.3.0:alpha8
parseplatformparse_dashboard
8.3.0:alpha9
parseplatformparse_dashboard
8.4.0:alpha1
parseplatformparse_dashboard
8.4.1:alpha1
parseplatformparse_dashboard
8.4.1:alpha2
parseplatformparse_dashboard
8.5.0:alpha1
parseplatformparse_dashboard
8.5.0:alpha2
parseplatformparse_dashboard
8.5.0:alpha3
parseplatformparse_dashboard
8.5.0:alpha4
parseplatformparse_dashboard
8.5.0:alpha5
parseplatformparse_dashboard
8.5.0:alpha6
parseplatformparse_dashboard
8.5.0:alpha7
parseplatformparse_dashboard
9.0.0:alpha1
parseplatformparse_dashboard
9.0.0:alpha2
parseplatformparse_dashboard
9.0.0:alpha3
parseplatformparse_dashboard
9.0.0:alpha4
parseplatformparse_dashboard
9.0.0:alpha5
parseplatformparse_dashboard
9.0.0:alpha6
parseplatformparse_dashboard
9.0.0:alpha7
𝑥
= Vulnerable software versions