Main Vulnerability Database SB2026040784

SB2026040784 - Information Exposure Through an Error Message in Parse Server

Published: April 7, 2026

Security Bulletin ID SB2026040784

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information Exposure Through an Error Message (CVE-ID: CVE-2026-30835)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to generation of error messages containing sensitive information in the query execution layer when processing malformed $regex query parameters. A remote attacker can send a specially crafted query request to disclose sensitive information.

The issue leaks database internals such as error messages, error codes, code names, cluster timestamps, and topology details.

Remediation

Install update from vendor's website.

References

https://github.com/parse-community/parse-server/security/advisories/GHSA-9cp7-3q5w-j92g