Threats Tagged 'cve-2026-32237'
View all threats tagged with 'cve-2026-32237'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-32237'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-32237: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in @backstage plugin-scaffolder-backendCVE-2026-32237 0 Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all parts of the response payload. Deployments that have configured scaffolder.defaultEnvironment.secrets are affected. This is patched in @backstage/plugin-scaffolder-backend version 3.1.5. Join the discussion | CVE Database V5 | 03/12/2026, 18:38:57 UTC Added: 03/12/2026, 19:00:32 UTC |
Showing 1 to 1 of 1 result