CVE-2026-29186

{"id": "CVE-2026-29186", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.3, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-03-07T15:15:55.400", "references": [{"url": "https://github.com/backstage/backstage/security/advisories/GHSA-928r-fm4v-mvrw", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-434"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an mkdocs.yml that causes arbitrary Python code execution, completely bypassing TechDocs' security controls. This issue has been patched in version 1.14.3."}, {"lang": "es", "value": "Backstage es un framework abierto para construir portales de desarrolladores. Antes de la versi\u00f3n 1.14.3, esta es una vulnerabilidad de omisi\u00f3n de configuraci\u00f3n que permite la ejecuci\u00f3n de c\u00f3digo arbitrario. El paquete @backstage/plugin-techdocs-node utiliza una lista de permitidos para filtrar claves de configuraci\u00f3n peligrosas de MkDocs durante el proceso de compilaci\u00f3n de la documentaci\u00f3n. Una brecha en esta lista de permitidos permite a los atacantes crear un mkdocs.yml que provoca la ejecuci\u00f3n de c\u00f3digo Python arbitrario, eludiendo completamente los controles de seguridad de TechDocs. Este problema ha sido parcheado en la versi\u00f3n 1.14.3."}], "lastModified": "2026-03-11T18:00:01.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:backstage_plugin-techdocs-node:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "320379D5-BAE8-4314-92DF-83E3D2B8A4B8", "versionEndExcluding": "1.14.3"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}