Product
A denial-of-service vulnerability, CVE-2026-47138, exists in Parse Server due to inefficient regular expression handling of the client SDK version field in HTTP requests, allowing an unauthenticated attacker to exhaust server resources by sending a crafted request with a malicious `X-Parse-Client-Version` header or `_ClientVersion` body field.