Storyline
Parse Server vulnerable to user enumeration via email verification endpoint
Parse Server's MFA recovery codes not consumed after use Severity: high Identifiers: [{"cve_id": "CVE-2026-31875"}, {"identifiers": [{"value": "GHSA-4hf6-3x24-c9m8", "type": "GHSA"}, {"value": "CVE-2026-31875", "type": "CVE"}]}].
Evidence locked
Today's free sample is only available for the edition's flagship storyline.
Evidence preview
- Parse Server vulnerable to user enumeration via email verification endpointgithub_advisories