Browse all 3 CVE security advisories affecting @backstage. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32237 | @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint — plugin-scaffolder-backendCWE-200 | 4.4 | Medium | 2026-03-12 |
| CVE-2026-32236 | @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch — plugin-auth-backendCWE-918 | 7.5 | - | 2026-03-12 |
| CVE-2026-32235 | @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass — plugin-auth-backendCWE-601 | 5.9 | Medium | 2026-03-12 |
This page lists every published CVE security advisory associated with @backstage. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.