CVE-2026-30863: CWE-287: Improper Authentication in parse-community parse-server Parse Server is an open-source backend framework that supports social authentication via adapters for Google, Apple, and Facebook, which rely on JWT (JSON Web Token) verification to validate identity tokens. In versions prior to 8.6.10 and

🚨 CRITICAL: parse-server (<8.6.10, <9.5.0-alpha.11) lets attackers bypass auth via JWTs if audience is unset. Upgrade ASAP or configure audience to secure user accounts! radar.offseq.com/threat/cve-2026-30863-cw... #OffSeq #ParseServer #CVE202630863