A vulnerability was found in parse-community parse-server up to 8.6.78/9.9.1-alpha.3 . It has been declared as critical . Affected by this issue is some unknown functionality of the component Default File Upload Extension . Such manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2026-53724 . The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.