CVE-2026-3118

Name of the Vulnerable Software and Affected Versions Red Hat Developer Hub (Backstage) Orchestrator Plugin (affected versions not specified)

Description A security flaw exists due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, disrupting backend query processing. This can cause the Backstage application to crash and restart, resulting in a Denial of Service (DoS) and temporary loss of access for legitimate users. The affected API requests involve GraphQL queries. The input within these queries is not properly validated.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.