{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T06:07:53.963","vulnerabilities":[{"cve":{"id":"CVE-2026-3118","sourceIdentifier":"secalert@redhat.com","published":"2026-02-25T12:16:17.957","lastModified":"2026-04-22T20:16:41.630","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This results in the entire Backstage application crashing and restarting, leading to a platform-wide Denial of Service (DoS). As a result, legitimate users temporarily lose access to the platform."},{"lang":"es","value":"Se identificó un fallo de seguridad en el Plugin Orchestrator de Red Hat Developer Hub (Backstage). El problema ocurre debido a una validación de entrada insuficiente en el manejo de consultas GraphQL. Un usuario autenticado puede inyectar una entrada especialmente diseñada en las solicitudes de la API, lo que interrumpe el procesamiento de consultas del backend. Esto resulta en que la aplicación Backstage completa colapse y se reinicie, lo que lleva a una Denegación de Servicio (DoS) en toda la plataforma. Como resultado, los usuarios legítimos pierden temporalmente el acceso a la plataforma."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:developer_hub:-:*:*:*:*:*:*:*","matchCriteriaId":"C64C29AF-F32F-4AC1-BC84-276B4024D0C5"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:9742","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-3118","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442273","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}}]}