Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2026-25152
Good to know:
Date: January 30, 2026
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs local generator allows attackers to read arbitrary files from the host filesystem when Backstage is configured with "techdocs.generator.runIn: local". When processing documentation from untrusted sources, symlinks within the docs directory are followed by MkDocs during the build process. File contents are embedded into generated HTML and exposed to users who can view the documentation. This vulnerability is fixed in" @backstage/plugin-techdocs-node" versions 1.13.11 and 1.14.1. Some workarounds are available. Switch to "runIn: docker" in "app-config.yaml" and/or restrict write access to TechDocs source repositories to trusted users only.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22Top Fix
Upgrade Version
Upgrade to version @backstage/plugin-techdocs-node - 1.13.11;@backstage/plugin-techdocs-node - 1.14.1;@backstage/plugin-techdocs-node - 1.13.11
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | NONE |
| Availability (A): | NONE |