CVE advisoryCRITICAL
CVE-2026-29186
Backstage TechDocs Python Code Execution Vulnerability
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A configuration bypass vulnerability exists in the Backstage developer portal's documentation build process, allowing for arbitrary Python code execution via a crafted configuration file. This bypasses security controls, potentially impacting system data and service behavior. It is important to confirm if documentation