CVE-2026-29185
@backstage/integration: Potential reading of SCM URLs using built in token
CVSS Score
2.7
EPSS Score
0.0%
EPSS Percentile
0th
Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that construct API URLs, the traversal segments could redirect requests to unintended SCM provider API endpoints using the configured server-side integration credentials. This issue has been patched in version 1.20.1.
| CWE | CWE-22 |
| Vendor | backstage |
| Product | backstage |
| Published | Mar 7, 2026 |
| Last Updated | Mar 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for backstage backstage
Be the first to know when new low vulnerabilities affecting backstage backstage are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected Versions
backstage / backstage
< 1.20.1