Linuxfoundation Backstage/plugin-scaffolder-backend — known CVE vulnerabilities
Every CVE whose affected-product data names Linuxfoundation Backstage/plugin-scaffolder-backend, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2026-32237 — CVSS 4.4 (medium): Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder…
CVE-2026-29184 — CVSS 2.0 (low): Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log…