1. Home
  2. CVE Database
  3. CVE-2026-29186
HIGH · 7.7

CVE-2026-29186

Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdo...

Vulnerability Description

Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an mkdocs.yml that causes arbitrary Python code execution, completely bypassing TechDocs' security controls. This issue has been patched in version 1.14.3.

CVSS Score

7.7

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
LinuxfoundationBackstage Plugin-Techdocs-Node< 1.14.3

Related Weaknesses (CWE)

CWE-74CWE-434

References

FAQ

What is CVE-2026-29186?

CVE-2026-29186 is a vulnerability with a CVSS score of 7.7 (HIGH). Backstage is an open framework for building developer portals. Prior to version 1.14.3, this is a configuration bypass vulnerability that enables arbitrary code execution. The @backstage/plugin-techdo...

How severe is CVE-2026-29186?

CVE-2026-29186 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-29186?

Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Backstage Plugin-Techdocs-Node.