PT-2026-5494 · Netflix+1 · Backstage+2

Benjdlambert · Published 2026-01-30 · Updated 2026-02-19 · CVE-2026-25152

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Backstage versions prior to 1.13.11 and 1.14.1

Description

Backstage is a framework for building developer portals, and @backstage/plugin-techdocs-node provides functionalities for TechDocs. A path traversal issue exists in the TechDocs local generator when Backstage is configured with techdocs.generator.runIn: local. Symlinks within the documentation directory are followed during the build process, potentially allowing attackers to read arbitrary files from the host filesystem when processing documentation from untrusted sources. File contents are embedded into generated HTML and exposed to users viewing the documentation. The issue occurs because MkDocs follows symlinks during the build process.

Recommendations

Versions prior to 1.13.11 should be updated to version 1.13.11 or later.
Versions prior to 1.14.1 should be updated to version 1.14.1 or later.
Switch to runIn: docker in app-config.yaml.
Restrict write access to TechDocs source repositories to trusted users only.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-25152
GHSA-W669-JJ7H-88M9

Affected Products

@backstage/plugin-techdocs-node
Backstage
MkDocs