HIGHVulnerability
Verified
Global

NVD HIGH: CVE-2026-34784 — Parse Server is an open source backend that can be deployed to any infrastructur...

Tuesday, March 31, 2026 at 08:16 PM UTC·Source: NIST NVD

Updated: Monday, April 6, 2026 at 02:17 PM UTC

Executive Summary

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.71 and 9.7.1-alpha.1, file downloads via HTTP Range requests bypass the afterFind(Parse.File) trigger and its validators on storage adapters that support streaming (e.g. the default GridFS adapter). This allows access to files that should be protected by afterFind trigger a

Analysis

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.71 and 9.7.1-alpha.1, file downloads via HTTP Range requests bypass the afterFind(Parse.File) trigger and its validators on storage adapters that support streaming (e.g. the default GridFS adapter). This allows access to files that should be protected by afterFind trigger authorization logic or built-in validators such as requireUser. This issue has been patched in versions 8.6.71 and 9.7.1-alpha.1. CVSS Score: 7.5. Published: 2026-03-31T20:16:29.490.

Indicators of Compromise (1)

CVE (1)
CVE-2026-34784
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on Mar 31, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Coinbase wins conditional approval for national trust bank charter

Coinbase is the latest digital asset firm to receive conditional approval from US regulators for a national trust bank charter.

Finextra
LOWVulnerabilityNEW

Businesses ready to embrace AI-to-AI commerce, consumers more wary - Visa survey

AI-to-AI commerce looks poised to scale, with more than half of US businesses willing to allow agents to negotiate prices and terms directly with other agents on their behalf, according to a survey from Visa.

Finextra
CRITICALVulnerabilityNEW

Trump's Budget Proposal Would Slash CISA After Bruising Year

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/trumps-budget-proposal-would-slash-cisa-after-bruising-year-image_small-6-a-31352.jpg" align=right hspace=4><b>White House Criticizes Cyber Defense Agency - and Proposes a Steep $700 Million Cut</b><br>The FY2027 proposal would cut roughly $707 million from CISA, reducing staffing, contractor support and coordination programs whil

Bank Info Security