@backstage/plugin-auth-backend (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @backstage/plugin-auth-backend, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2026-32236 — CVSS 7.5 (high): Backstage is an open framework for building developer portals. Prior to 0.27.1, a Server-Side Request Forgery (SSRF) vulnerability exists…
CVE-2021-43776 — CVSS 7.4 (high): Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to…
CVE-2026-32235 — CVSS 5.9 (medium): Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-bac…