CNNVD-202601-4967 Information

CNNVD ID

CNNVD-202601-4967

CVE-2026-25153

  • CNNVD Published: 2026-01-30

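Description (translated from Chinese)

Backstage is an application open-sourced by Backstage. Backstage is an open platform for building developer portals. Versions of Backstage before 1.13.11 and before 1.14.1 have a code injection vulnerability, which stems from allowing malicious hooks to be configured in mkdocs.yml and may lead to arbitrary Python code execution.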

Description (English)

Backstage is an open-source application from Backstage. It is an open platform for building developer portals. Backstage versions before 1.13.11 and before 1.14.1 contain a code injection vulnerability: malicious hooks can be configured in mkdocs.yml, which may result in arbitrary Python code execution.

Hazard Level

Medium

Vulnerability Type

Code injection

Affected Vendor

Backstage

Published

2026-01-30

Last Modified

2026-02-24

References

https://github.com/backstage/backstage/security/advisories/GHSA-6jr7-99pf-8vgf

https://access.redhat.com/security/cve/cve-2026-25153

Patch

https://github.com/backstage/backstage/releases
