Inefficient Algorithmic Complexity in Parse Server - CVE-2026-57480
Published: June 30, 2026
Parse Server
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to inefficient algorithmic complexity in query handling when processing deeply nested query condition operators. A remote attacker can send a small crafted query to cause a denial of service.
The issue affects REST API and LiveQuery query handling and is reachable in the default configuration. No user authentication is required, and a single request can block the Node.js event loop for many seconds.
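One way to bound the cost of nested query conditions before they reach query handling, shown as an added example (not Parse Server's code or its fix): an iterative depth and size check on the parsed query object. The function names, the limit values and the `$op` placeholder key are assumptions made for illustration.

```javascript
// Hypothetical pre-check, not Parse Server code.
// MAX_DEPTH and MAX_NODES are assumed limits; tune them to your legitimate queries.
const MAX_DEPTH = 10;
const MAX_NODES = 1000;

// Walks a parsed JSON value with an explicit stack (no recursion) and stops
// as soon as a limit is exceeded, so the check itself stays cheap.
function checkQueryShape(where, maxDepth = MAX_DEPTH, maxNodes = MAX_NODES) {
  const stack = [{ value: where, depth: 1 }];
  let nodes = 0;
  while (stack.length > 0) {
    const { value, depth } = stack.pop();
    nodes += 1; // every visited value counts against the size budget
    if (nodes > maxNodes) return { ok: false, reason: 'size', nodes };
    if (value === null || typeof value !== 'object') continue; // scalar leaf
    if (depth > maxDepth) return { ok: false, reason: 'depth', nodes };
    // Arrays and plain objects each count as one nesting level.
    const children = Array.isArray(value) ? value : Object.values(value);
    // Refuse before pushing, so a very wide container cannot inflate the stack.
    if (stack.length + children.length > maxNodes) {
      return { ok: false, reason: 'size', nodes };
    }
    for (const child of children) {
      stack.push({ value: child, depth: depth + 1 });
    }
  }
  return { ok: true, reason: null, nodes };
}

// Constructed sample input: "$op" is a placeholder key, not an operator
// named by the advisory. Container depth is 2 * levels + 1.
function buildNested(levels) {
  let q = { score: 1 };
  for (let i = 0; i < levels; i++) q = { $op: [q] };
  return q;
}

// Gate for a request handler: decide on an HTTP-style status before any
// query work happens on the event loop.
function gate(where) {
  return checkQueryShape(where).ok ? 200 : 400;
}

console.log(gate(buildNested(3)), gate(buildNested(50)));
```

A check like this belongs in front of both entry points the advisory names, REST queries and LiveQuery subscriptions, and complements upgrading to a fixed release rather than replacing it.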