A vulnerability labeled as problematic has been found in parse-community parse-server up to 9.9.1-alpha.4 . Affected is an unknown function of the component Password Endpoint . Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2026-53725 . The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.