95 matches found
CVE-2026-29186
Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the...
CVE-2026-29186 @backstage/plugin-techdocs-node: TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution
Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the...
CVE-2026-29186
Summary: CVE-2026-29186 affects Backstage prior to version 1.14.3, due to a gap in the allowlist used by the @backstage/plugin-techdocs-node when processing MkDocs configuration keys. This gap enables an attacker to craft an mkdocs.yml that leads to arbitrary Python code execution, bypassing Tech...
TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution
Impact: This is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an...
GHSA-928R-FM4V-MVRW TechDocs Mkdocs Configuration Key Enables Arbitrary Code Execution
Impact: This is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an...
Permissive List of Allowed Inputs
Overview: @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs, to be shared between the techdocs-backend plugin and techdocs-cli. Affected versions of this package are vulnerable to Permissive List of Allowed Inputs via the processing of the mkdocs.yml configuration file...
PT-2026-23441
Name of the Vulnerable Software and Affected Versions: Backstage versions prior to 1.14.3. Description: Backstage, an open framework for building developer portals, contains a configuration bypass that can lead to arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlis...
Remote Code Execution (RCE)
@backstage/plugin-techdocs-node is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sanitization of user-controlled mkdocs.yml configuration, specifically MkDocs hooks, when TechDocs is configured with runIn: local, which allows an attacker to execute arbitrary Python...
@backstage/plugin-search-backend-module-techdocs (>=0.0.0-nightly-20230323021924 <=0.4.9-next.1), @backstage/plugin-techdocs-backend (>=0.0.0-nightly-20220305022735 <=2.1.4-next.2) +2 more potentially affected by CVE-2026-25153 via @backstage/plugin-techdocs-node (>=0.0.0-nightly-20220315022536 <=1.13.11-next.0)
@backstage/plugin-techdocs-node NPM version =0.0.0-nightly-20220315022536, =0.0.0-nightly-20230323021924, =0.0.0-nightly-20220305022735, =0.0.0-nightly-20220305022735, =0.0.0-nightly-20220305022735, =1.10.4-next.2 Source cves: CVE-2026-25153 Source advisory: OSV:GHSA-6JR7-99PF-8VGF...
@backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks
Impact: When TechDocs is configured with runIn: local, a malicious actor who can submit or modify a repository's mkdocs.yml file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration. Patches: Upgrade to @backstage/plugin-techdocs-node version 1.13.11, 1.14.1...
GHSA-6JR7-99PF-8VGF @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks
Impact: When TechDocs is configured with runIn: local, a malicious actor who can submit or modify a repository's mkdocs.yml file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration. Patches: Upgrade to @backstage/plugin-techdocs-node version 1.13.11, 1.14.1...
@backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator
Impact: A path traversal vulnerability in the TechDocs local generator allows attackers to read arbitrary files from the host filesystem when Backstage is configured with techdocs.generator.runIn: local. When processing documentation from untrusted sources, symlinks within the docs directory are...
@backstage/plugin-search-backend-module-techdocs (>=0.0.0-nightly-20230323021924 <=0.4.9-next.1), @backstage/plugin-techdocs-backend (>=0.0.0-nightly-20220305022735 <=2.1.4-next.2) +2 more potentially affected by CVE-2026-25152 via @backstage/plugin-techdocs-node (>=0.0.0-nightly-20220315022536 <=1.13.11-next.0)
@backstage/plugin-techdocs-node NPM version =0.0.0-nightly-20220315022536, =0.0.0-nightly-20230323021924, =0.0.0-nightly-20220305022735, =0.0.0-nightly-20220305022735, =0.0.0-nightly-20220305022735, =1.10.4-next.2 Source cves: CVE-2026-25152 Source advisory: OSV:GHSA-W669-JJ7H-88M9...
GHSA-W669-JJ7H-88M9 @backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator
Impact: A path traversal vulnerability in the TechDocs local generator allows attackers to read arbitrary files from the host filesystem when Backstage is configured with techdocs.generator.runIn: local. When processing documentation from untrusted sources, symlinks within the docs directory are...
CVE-2026-25152
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs local generator allow...
CVE-2026-25153
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with runIn: local, a malicious actor who...
CVE-2026-25152 @backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs local generator allow...