VYPR

Backstage\/plugin Scaffolder Backend

by Linux Foundation

Source repositories

CVEs (2)

  • CVE-2026-32237MedMar 12, 2026
    risk 0.22cvss 4.4epss 0.00

    Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log…

  • CVE-2026-29184LowMar 7, 2026
    risk 0.13cvss 2.0epss 0.00

    Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. This issue has been patched in version 3.1.4.