CVE-2026-27595
Published: 25 February 2026
Summary
CVE-2026-27595 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Parseplatform Parse Dashboard. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2026-27595 is a vulnerability in Parse Dashboard, a standalone dashboard for managing Parse Server apps, affecting versions 7.3.0-alpha.42 through 9.0.0-alpha.7. It stems from multiple security issues in the AI Agent API endpoint (POST `/apps/:appId/agent`), which can be chained to allow unauthenticated remote attackers to perform arbitrary read and write operations against any connected Parse Server database using the master key. The agent feature is opt-in, meaning dashboards without an agent configuration are not affected. The issue is classified under CWE-306 (Missing Authentication for Critical Function) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Unauthenticated remote attackers can exploit the chained vulnerabilities by sending requests to the exposed agent endpoint, bypassing authentication and gaining full master key privileges. This enables complete read and write access to databases across any connected Parse Server instances managed by the dashboard, potentially leading to data exfiltration, modification, or deletion without requiring user interaction or privileges.
Mitigation is available in Parse Dashboard version 9.0.0-alpha.8, which adds authentication, CSRF validation, and per-app authorization middleware to the agent endpoint. It further restricts read-only users to the `readOnlyMasterKey` with write permissions stripped server-side and corrects a cache key collision between the master key and read-only master key. As a workaround, remove or comment out the agent configuration block from the Parse Dashboard configuration. Details are provided in the GitHub release notes (https://github.com/parse-community/parse-dashboard/releases/tag/9.0.0-alpha.8) and security advisory (https://github.com/parse-community/parse-dashboard/security/advisories/GHSA-qwc3-h9mg-4582).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8595
Vulnerability details
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (POST `/apps/:appId/agent`) has multiple security vulnerabilities that, when chained, allow unauthenticated remote attackers to perform arbitrary read and write operations against any connected Parse Server database using the master key. The agent feature is opt-in; dashboards without an agent config are not affected. The fix in version 9.0.0-alpha.8 adds authentication, CSRF validation, and per-app authorization middleware to the agent endpoint. Read-only users are restricted to the `readOnlyMasterKey` with write permissions stripped server-side. A cache key collision between master key and read-only master key was also corrected. As a workaround, remove or comment out the agent configuration block from your Parse Dashboard configuration.
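The authorization chain the fix describes (authentication, CSRF validation, per-app authorization, read-only users downgraded to the `readOnlyMasterKey` with write operations stripped server-side, and a cache key that distinguishes the two key roles), modelled as an added JavaScript example. This is not Parse Dashboard's code; the request, session and grant shapes are assumptions.

```javascript
// Added example, not Parse Dashboard's code: a minimal model of the checks the
// 9.0.0-alpha.8 fix describes for POST /apps/:appId/agent. Field names
// (session.user, grant.readOnly, op.type) are hypothetical.
const WRITE_OPS = new Set(['create', 'update', 'delete']);

// Cache entries are keyed by app *and* key role, so a master-key client and a
// read-only client for the same app can no longer share an entry.
function agentCacheKey(appId, readOnly) {
  return `${appId}:${readOnly ? 'readOnlyMasterKey' : 'masterKey'}`;
}

// Returns { status, error } on rejection; on success, the key role to use,
// the cache key, and the operations that survived server-side stripping.
function authorizeAgentRequest(req, apps) {
  const session = req.session;
  if (!session || !session.user) {
    return { status: 401, error: 'authentication required' };
  }
  const token = req.headers['x-csrf-token'];
  if (!token || token !== session.csrfToken) {
    return { status: 403, error: 'invalid CSRF token' };
  }
  const appId = req.params.appId;
  const grant = session.user.apps[appId]; // per-app authorization
  if (!grant || !apps[appId]) {
    return { status: 403, error: `no access to app ${appId}` };
  }
  const readOnly = grant.readOnly === true;
  // Read-only users get the readOnlyMasterKey and lose write operations
  // here, regardless of what the client asked for.
  const requested = Array.isArray(req.body.operations) ? req.body.operations : [];
  const operations = readOnly ? requested.filter(op => !WRITE_OPS.has(op.type)) : requested;
  return {
    status: 200,
    keyRole: readOnly ? 'readOnlyMasterKey' : 'masterKey',
    cacheKey: agentCacheKey(appId, readOnly),
    operations,
    stripped: requested.length - operations.length,
  };
}

// Constructed fixtures so the block runs stand-alone (values are made up).
const APPS = { app1: { masterKey: 'mk-constructed', readOnlyMasterKey: 'romk-constructed' } };
const SESSION = { csrfToken: 't0k', user: { apps: { app1: { readOnly: true } } } };
function makeReq(session, token, appId, operations) {
  return { session, headers: { 'x-csrf-token': token }, params: { appId }, body: { operations } };
}
```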
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote exploitation of missing authentication (CWE-306) in exposed AI Agent API endpoint of public-facing Parse Dashboard, enabling arbitrary DB read/write via master key.
Mitigating Controls (NIST 800-53 r5)
- AC-14 (Permitted Actions Without Identification or Authentication): Directly prohibits critical actions like arbitrary database read/write operations via the unauthenticated AI Agent API endpoint.
- AC-3 (Access Enforcement): Enforces access control policies to prevent unauthenticated chaining of vulnerabilities granting master key privileges to Parse Server databases.
- Limits privileges to mitigate full master key access, aligning with server-side write restrictions for read-only users and cache collision fixes.