Threats Tagged 'cve-2026-32235'
View all threats tagged with 'cve-2026-32235'. Filter and sort to focus on specific types of threats.
Red Hat Security Advisory: Red Hat Developer Hub 1.10.0 release
CVE-2026-2950
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
GCVE Database | 06/09/2026, 14:38:34 UTC | Added: 06/10/2026, 11:50:14 UTC
CVE-2026-32235: CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in @backstage plugin-auth-backend
CVE-2026-32235
Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents and configured allowedRedirectUriPatterns are affected. A specially crafted redirect URI can pass the allowlist validation while resolving to an attacker-controlled host. If a victim approves the resulting OAuth consent request, their authorization code is sent to the attacker, who can exchange it for a valid access token. This requires victim interaction and that one of the experimental features is explicitly enabled, which is not the default. This vulnerability is fixed in 0.27.1.
CVE Database V5 | 03/12/2026, 18:35:06 UTC | Added: 03/12/2026, 19:00:32 UTC
Showing 1 to 2 of 2 results