Listen to this Post
The vulnerability stems from a flaw in Parse Server’s request processing pipeline. The server uses a deep copy mechanism, powered by a third-party library, to clone incoming request data. This deep copy step, as a normal part of its operation, strips out `__proto__` properties to prevent standard prototype pollution. However, Parse Server’s security-critical keyword denylist check—designed to block forbidden keywords like __proto__—is executed after this deep copy. Because the deep copy has already removed the `__proto__` property, the denylist check never sees the prohibited key. This allows an attacker to send a crafted request containing `__proto__` pollution payloads. The payload bypasses both the default denylist and class-level permissions (which restrict adding new fields to schemas), leading to prototype pollution in the application. This pollution injects unauthorized fields into class schemas, causing permanent schema type conflicts that remain unresolved even with master key access .
Platform: Parse Server
Version: <6.5.44, <7.0.0-alpha.20 to <9.6.0-alpha.20
Vulnerability : Prototype Pollution / Schema Poisoning
Severity: Moderate (CVSS 4.0 Score 5.9)
date: 17 Mar 2026
Prediction: Patch already available in versions 8.6.44 and 9.6.0-alpha.20
What Undercode Say:
Analytics
This vulnerability (CVE-2026-32878) is classified with a CVSS v4.0 score of 5.9 (Medium) . It is a logic flaw in Parse Server’s own request handling, not a vulnerability in the third-party `deepcopy` library, which functions as designed . The attack vector is network-based, requires low privileges, and has a low attack complexity . It specifically targets the schema system, leading to integrity impacts by allowing permanent, unremovable schema changes.
Bash Commands and Code (Simulation)
Simulate a vulnerable deep copy stripping <strong>proto</strong> before denylist check
Vulnerable Request Payload (Conceptual)
curl -X POST http://your-parse-server.com/classes/MyClass \
-H "X-Parse-Application-Id: YOUR_APP_ID" \
-H "Content-Type: application/json" \
-d '{
"name": "maliciousEntry",
"<strong>proto</strong>": {
"maliciousField": "String"
}
}'
Vulnerable code concept (simplified)
let requestData = req.body;
let clonedData = deepcopy(requestData); // <strong>proto</strong> is stripped here
let sanitizedData = denylistCheck(clonedData); // Check runs AFTER strip
Patched Mechanism (Built-in deep clone)
The new internal clone method preserves the <strong>proto</strong> property for inspection,
allowing the subsequent denylist check to detect and block it.
How Exploit
The attacker crafts a JSON request targeting a Parse Server class. The payload includes a `__proto__` key with nested properties representing new schema fields they wish to inject . The server receives this request and passes it to the third-party deep copy library. This library, as a standard feature, removes the `__proto__` key to prevent prototype pollution during cloning. The modified object (now without __proto__) is then passed to the keyword denylist function. Since the forbidden `__proto__` key is no longer present, the check passes. The server then processes the request, and the nested properties from the original `__proto__` are applied to the object’s prototype, polluting the class schema with new, unauthorized fields .
Protection from this CVE
The primary protection is upgrading Parse Server to the patched versions: `8.6.44` or `9.6.0-alpha.20` or later . The fix replaces the vulnerable third-party deep copy library with a built-in deep clone mechanism . This new internal mechanism safely handles prototype properties, meaning it does not strip `__proto__` before the security check. Consequently, the existing keyword denylist check correctly identifies and rejects requests containing prohibited keys like __proto__, blocking the attack at the proper stage in the pipeline. There are no official workarounds for this vulnerability .
Impact
Successful exploitation allows an attacker to bypass critical security controls: the default keyword denylist and class-level permissions that lock down schema field additions . By polluting the prototype, the attacker can inject arbitrary fields into class schemas . This leads to “permanent schema type conflicts” that cannot be resolved or cleaned even by administrators using the master key . This constitutes a serious integrity violation, corrupting the database schema structure in an irreversible manner.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

