CVE-2026-32236 | backstage up to 0.27.0 Request Header server-side request forgery (GHSA-qp4c-xg64-7c6x)

A vulnerability categorized as critical has been discovered in backstage up to 0.27.0. Affected is an unknown function of the component Request Header Handler. The manipulation results in server-side request forgery.

This vulnerability was named CVE-2026-32236. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More