CVE-2026-32236

Published: Mar 12, 2026 Last Modified: Mar 12, 2026

Description

Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery (SSRF) vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD (client ID metadata document) fetch validates the initial client_id hostname against private IP ranges but does not apply the same validation after HTTP redirects, so a client_id pointing at an attacker-controlled public host can redirect the fetch to an internal address. The practical impact is limited: the attacker cannot read the response body of the internal request, cannot control the request headers or method, and the feature must be explicitly enabled via an experimental flag that is off by default. Deployments that restrict allowedClientIdPatterns to specific trusted domains are not affected. Patched in @backstage/plugin-auth-backend version 0.27.1.
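The redirect gap described above, as an added example that is not Backstage's own code: a metadata fetcher that checks the client_id hostname once and then lets the HTTP layer follow redirects, beside one that disables automatic redirects and re-checks every hop. The "network" is a constructed lookup table so the code runs offline; the hostnames, paths and function names are hypothetical, and the private-range check is a literal-address check only (no DNS resolution).

```typescript
// Added example, not Backstage's own code. It models the bug the advisory describes:
// the client_id URL's hostname is checked against private ranges once, before the
// request, and a redirect served by the (attacker-controlled) public host is then
// followed without re-checking. The "network" below is a constructed lookup table,
// so the example runs offline; hostnames and paths are hypothetical.

interface Hop {
  status: number;
  location?: string; // Location header on 3xx responses
  body?: string;
}

// Constructed fake internet: a public host answers with a redirect to an internal
// cloud-metadata address; a well-behaved host answers with a metadata document.
const FAKE_NET: Record<string, Hop> = {
  "https://attacker.example/client.json": {
    status: 302,
    location: "http://169.254.169.254/latest/meta-data/",
  },
  "http://169.254.169.254/latest/meta-data/": { status: 200, body: "internal-metadata" },
  "https://good.example/client.json": {
    status: 200,
    body: '{"client_id":"https://good.example/client.json"}',
  },
};

// Literal-address check: loopback, link-local, RFC 1918 and their IPv6 equivalents.
// A DNS name is passed through unresolved; a production check should also resolve
// the name and test every returned address (DNS rebinding is out of scope here).
function isPrivateHost(hostname: string): boolean {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, ""); // URL.hostname keeps IPv6 brackets
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  if (h.includes(":")) {
    const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(h); // IPv4-mapped IPv6
    if (mapped) return isPrivateHost(mapped[1]);
    return h === "::1" || h === "::" || /^f[cd][0-9a-f]{2}:/.test(h) || /^fe[89ab][0-9a-f]:/.test(h);
  }
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  if (!m) return false; // a DNS name, not an address literal
  const a = Number(m[1]);
  const b = Number(m[2]);
  return (
    a === 0 || a === 10 || a === 127 ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168)
  );
}

// One hop in the fake network (stands in for one HTTP request).
function request(url: string): Hop {
  const hop = FAKE_NET[url];
  if (!hop) throw new Error(`no route to ${url}`);
  return hop;
}

// Vulnerable shape: validate the initial URL, then let the HTTP layer follow
// redirects (the default redirect: "follow" behaviour of fetch).
function fetchMetadataVulnerable(clientId: string, maxHops = 5): Hop {
  if (isPrivateHost(new URL(clientId).hostname)) throw new Error(`refused ${clientId}`);
  let current = new URL(clientId).toString();
  for (let i = 0; i < maxHops; i++) {
    const hop = request(current);
    if (hop.status >= 300 && hop.status < 400 && hop.location) {
      current = new URL(hop.location, current).toString(); // followed without any check
      continue;
    }
    return hop;
  }
  throw new Error("too many redirects");
}

// Hardened shape: disable automatic redirects (redirect: "manual" on a real fetch)
// and run the same hostname check on every Location before following it.
function fetchMetadataHardened(clientId: string, maxHops = 5): Hop {
  let current = new URL(clientId).toString();
  for (let i = 0; i < maxHops; i++) {
    if (isPrivateHost(new URL(current).hostname)) throw new Error(`refused ${current}`);
    const hop = request(current);
    if (hop.status >= 300 && hop.status < 400 && hop.location) {
      current = new URL(hop.location, current).toString();
      continue; // the next iteration re-validates the new host
    }
    return hop;
  }
  throw new Error("too many redirects");
}

// Collapses a fetch to "reached" or "refused" so the two shapes can be compared.
function outcome(fn: (clientId: string) => Hop, clientId: string): string {
  try {
    fn(clientId);
    return "reached";
  } catch {
    return "refused";
  }
}

console.log(outcome(fetchMetadataVulnerable, "https://attacker.example/client.json")); // reached
console.log(outcome(fetchMetadataHardened, "https://attacker.example/client.json")); // refused
console.log(outcome(fetchMetadataHardened, "https://good.example/client.json")); // reached
```

The hardened loop is the code-level fix; the configuration-level mitigation named in the advisory is separate: restricting allowedClientIdPatterns to trusted domains stops the first hop from ever reaching an attacker-controlled host, so the redirect is never served. Either way, a deployment that wants to be thorough should resolve hostnames and check the resolved addresses as well, since the literal check above does nothing for a public DNS name that points at an internal address.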

CWE-918: Server-Side Request Forgery (SSRF)
CWE Status: Incomplete

Common Consequences
Security Scopes Affected: Confidentiality, Integrity, Access Control
Potential Impacts: Read Application Data; Execute Unauthorized Code Or Commands; Bypass Protection Mechanism

Applicable Platforms
Technologies: AI/ML, Web Based, Web Server
https://github.com/backstage/backstage/commit/17038abf2dfdb4abc08a59b1c95af3985…
https://github.com/backstage/backstage/security/advisories/GHSA-qp4c-xg64-7c6x