CVE-2026-24046
Backstage CVE-2026-24046 describes a symlink-based path traversal in multiple Scaffolder actions and archive extraction utilities. The vulnerability can allow reading arbitrary files (via debug:log), deleting files outside the workspace (via fs:delete), and writing outside the workspace during ar...