SSRF in @backstage/plugin-auth-backend

CVE-2026-32236

Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery (SSRF) vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to t…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (14.8th percentile)

Affected products

Weakness classification (CWE)

References