CVE-2026-3118

Medium CVSS: 6.5

A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This results in the entire Backstage application crashing and restarting, leading to a platform-wide Denial of Service (DoS). As a result, legitimate users temporarily lose access to the platform.

Vendor

Redhat

Product

Developer Hub

CWE

CWE-89

Yayın Tarihi

2026-02-25 12:16:17

Güncelleme

2026-02-27 17:47:55

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-89 Developer Hub MEDIUM Redhat 2026

Referanslar

https://access.redhat.com/security/cve/CVE-2026-3118 https://bugzilla.redhat.com/show_bug.cgi?id=2442273

Benzer Kayıtlar

High

CVE-2026-28369

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more…

High

CVE-2026-28368

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where…

Medium

CVE-2026-3121

A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where thi…

Medium

CVE-2026-3190

A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to…

Low

CVE-2026-4874

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating t…

Low

CVE-2026-4633

A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login…