Key Information Vulnerability Description Vulnerability Type: Potential Path Traversal Affected Component: TechDocs Local Generator Affected Versions: - : , Fixed Versions: - : , Impact Vulnerability Impact: When Backstage is configured with , attackers can exploit a path traversal vulnerability to read arbitrary files from the host machine. Attack Scenario: When processing documentation from untrusted sources, MkDocs follows symbolic links within the directory during the build process, embedding file contents into the generated HTML and exposing them to users viewing the documentation. Remediation Fixed Version: This vulnerability has been fixed in version of . Users should upgrade to this version or higher. Temporary Mitigation Docker Switch: In , switch to : Permission Restriction: Restrict write access to TechDocs source repositories, allowing only trusted users to access them. Additional Information CVSS Score: 5.3 (Medium) CVE ID: CVE-2026-25152 No Known Weaknesses: CWE list is empty References: https://backstage.io/docs/features/techdocs/configuration