CVE-2026-25153
A code injection flaw has been discovered in the npm @backstage/plugin-techdocs-node library. When TechDocs is configured with runIn: local, a malicious actor who can submit or modify a repository's mkdocs.yml file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks...