CNNVD-202601-4968 Information

CNNVD ID

CNNVD-202601-4968

Related CVE

CVE-2026-25152

• CNNVD Published: 2026-01-30

Description (Chinese)

Backstage是Backstage开源的一个应用软件。后台是一个开放的平台,用于构建开发者门户。 Backstage 1.13.11之前版本和1.14.1之前版本存在路径遍历漏洞，该漏洞源于本地生成器存在路径遍历，可能导致任意文件读取。

Description (English)

Backstage is a Backstage open source application. The back desk is an open platform for building the developers ’ portal. Backstage 1.13.11 and 1.14.1 have path-to-path loopholes, which stem from the local generator ’ s path-to-path loop, which may lead to any file reading.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

Backstage

Published

2026-01-30

Last Modified

2026-02-24

References

https://github.com/backstage/backstage/security/advisories/GHSA-w669-jj7h-88m9 https://access.redhat.com/security/cve/cve-2026-25152

Patch

https://github.com/backstage/backstage/releases