Vulnerability in Parse Dashboard Affects User Key Management
CVE-2026-27610

7HIGH

Key Information:

Vendor

Parse-community

Status
Parse-dashboard
Vendor
CVE Published:
25 February 2026

What is CVE-2026-27610?

In specific versions of Parse Dashboard, the ConfigKeyCache improperly uses a shared cache key for both the master key and the read-only master key. This flaw can lead to scenarios where a read-only user may inadvertently access the full master key due to timing conditions. Alternatively, regular users may gain access to the read-only master key. It is recommended to upgrade to version 9.0.0-alpha.8, which resolves this issue by implementing distinct cache keys, or temporarily avoid function-typed master keys and adjust the dashboard configuration to mitigate risks.

Affected Version(s)

parse-dashboard >= 7.3.0-alpha.42, < 9.0.0-alpha.8

References

https://github.com/parse-community/parse-dashboard/securi...
x_refsource_CONFIRM
https://github.com/parse-community/parse-dashboard/commit...
x_refsource_MISC
https://github.com/parse-community/parse-dashboard/releas...
x_refsource_MISC

CVSS V4

Score:
7
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.