SB2026052316 - Information Exposure Through an Error Message in parse-server




Published: May 23, 2026

Security Bulletin ID: SB2026052316
CSH Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Information Exposure Through an Error Message (CVE-ID: CVE-2026-47248)

CWE-ID: CWE-209 - Information Exposure Through an Error Message

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists because the GraphQL endpoint generates error messages containing sensitive information when it processes malformed GraphQL queries. A remote attacker can send malformed queries to disclose sensitive information.

Exploitation requires knowledge of the public application id. The issue can expose class names, field names, argument names, mutation names, and input-object fields through validation-error suggestions.
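
The following is an added example, not parse-server code and not the vendor's fix: a check that lists the schema names a GraphQL error response discloses through "Did you mean" hints, and a scrubber that removes those hints. It assumes the graphql-js validation message format; the function names and the sample response (including its class and field names) are constructed for illustration.

```javascript
// Assumption: validation errors end with a graphql-js style hint such as
//   ' Did you mean "user" or "users"?'
const SUGGESTION = /\s*Did you mean [^?]*\?/g;
const QUOTED_NAME = /"([^"]+)"/g;

// Return the sorted schema names a response body discloses via suggestions.
function leakedNames(body) {
  const names = new Set();
  for (const err of (body && body.errors) || []) {
    const msg = String(err.message || '');
    for (const hint of msg.match(SUGGESTION) || []) {
      for (const m of hint.matchAll(QUOTED_NAME)) names.add(m[1]);
    }
  }
  return [...names].sort();
}

// Return a copy of the response with the suggestion hints removed;
// the rest of each error (message prefix, locations, extensions) is kept.
function scrubSuggestions(body) {
  if (!body || !Array.isArray(body.errors)) return body;
  return {
    ...body,
    errors: body.errors.map((err) => ({
      ...err,
      message: String(err.message || '').replace(SUGGESTION, ''),
    })),
  };
}

// Constructed sample: the kind of response a malformed query produces.
const sampleResponse = {
  errors: [
    { message: 'Cannot query field "secretNote" on type "Query". Did you mean "secretNotes" or "createSecretNote"?' },
    { message: 'Unknown argument "wher" on field "Query.secretNotes". Did you mean "where"?' },
    { message: 'Syntax Error: Expected Name, found "}".' },
  ],
};

console.log('names disclosed by suggestions:', leakedNames(sampleResponse));
console.log(JSON.stringify(scrubSuggestions(sampleResponse), null, 2));
```

Running `leakedNames` over captured GraphQL responses from a deployment shows whether it still returns suggestions after the update is installed.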


Remediation

Install the update from the vendor's website.