CVE-2026-3118 in Developer Hubinformation

Résumé

par MITRE • 25/02/2026

A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This results in the entire Backstage application crashing and restarting, leading to a platform-wide Denial of Service (DoS). As a result, legitimate users temporarily lose access to the platform.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Redhat

Réserver

24/02/2026

Divulgation

25/02/2026

Modérer

accepté

Entrée

VDB-347755

CPE

prêt

CWE

CWE-89 (confirmé)

CVSS

6.5 (CNA)

EPSS

0.00022

KEV

non

Activités

très faible

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-3118
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-3118
CVE Details	https://www.cvedetails.com/cve/CVE-2026-3118/

◂ Précédent Aperçu Suivant ▸

Do you need the next level of professionalism?

Upgrade your account now!