Exfiltration Vulnerability in Backstage Framework by Backstage
CVE-2026-29184

2LOW

Key Information:

Vendor: Backstage
Status: Backstage
Vendor: CVE Published:; 7 March 2026

What is CVE-2026-29184?

Backstage, an open framework designed for building developer portals, has a vulnerability that allows a malicious scaffolder template to bypass the log redaction mechanism. This flaw enables an attacker to exfiltrate sensitive information by running tasks that generate event logs containing secrets. This issue was addressed in version 3.1.4, ensuring that log redaction mechanisms are properly enforced to protect sensitive data from unauthorized access.

Affected Version(s)

backstage < 3.1.4

References

https://github.com/backstage/backstage/security/advisorie...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2026
Vulnerability Reserved
Mar 4, 2026

CVE-2026-29184 Data

JSON