Search for vulnerabilities
| Vulnerability ID | VCID-y8ht-zmnx-3fdd |
| Aliases |
CVE-2026-25152
GHSA-w669-jj7h-88m9 |
| Summary | @backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator A path traversal vulnerability in the TechDocs local generator allows attackers to read arbitrary files from the host filesystem when Backstage is configured with `techdocs.generator.runIn: local`. When processing documentation from untrusted sources, symlinks within the docs directory are followed by MkDocs during the build process. File contents are embedded into generated HTML and exposed to users who can view the documentation. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.2 |
| Risk | 3.1 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| cvssv3 | 5.3 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25152.json |
| epss | 0.00023 | https://api.first.org/data/v1/epss?cve=CVE-2026-25152 |
| cvssv3.1_qr | MODERATE | https://github.com/advisories/GHSA-w669-jj7h-88m9 |
| cvssv3.1_qr | MODERATE | https://github.com/backstage/backstage/security/advisories/GHSA-w669-jj7h-88m9 |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.06843 |
| EPSS Score | 0.00023 |
| Published At | May 30, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-30T21:06:13.318740+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@backstage/plugin-techdocs-node/CVE-2026-25152.yml | 38.6.0 |