The Lab · 2026-04-09 08:27:06 · GitHub Issues
A critical security flaw in Backstage's authentication backend has been exposed, posing a direct threat to any organization using the platform's experimental OIDC provider. The vulnerability, tracked as CVE-2026-32235, allows for a bypass of the redirect URI allowlist—a fundamental security control designed to prevent ...
The Lab · 2026-04-15 19:23:04 · GitHub Issues
The core authentication plugin `@backstage/plugin-auth-backend` of Backstage, the well-known CNCF open-source internal developer portal, has been found to contain a serious security vulnerability. The flaw lies in its experimental OIDC identity provider: an attacker can exploit it to bypass the redirect URI allowlist restriction, potentially leading to leakage of sensitive authentication tokens or account takeover. The vulnerability has been assigned CVE-2026-32235, and an official security advisory has been published.
The vulnerability originates in the experimental OIDC provider implementation in versions 0.25.3 through 0.27.0 of the `@backstage/plugin-auth-backend` plugin. The plugin is the core backend component of the Backstage platform that handles user login, authentication and authorization, and is used by many enterprises to build internal dev...
The Lab · 2026-04-19 04:22:25 · GitHub Issues
The core authentication plugin `@backstage/plugin-auth-backend` of Backstage, the well-known CNCF developer portal framework, has been found to contain a security vulnerability that may allow an attacker to bypass the redirect URI allowlist check. The vulnerability is tracked as CVE-2026-32235 and affects the plugin's experimental OIDC provider feature.
The vulnerability exists in versions of `@backstage/plugin-auth-backend` prior to 0.27.0. Specifically, its experimental OIDC provider fails to properly validate the redirect URI when handling certain requests, so an attacker could redirect users to unintended and potentially malicious external addresses. This constitutes a classic authorization bypass risk. The project maintainers have published a security advisory on GitHub and have already...
The Lab · 2026-05-07 12:31:42 · GitHub Issues
A critical authentication bypass vulnerability has been identified in the Model Context Protocol (MCP) service implementation within Apache Superset, allowing federated attackers to authenticate as any user—including administrative accounts—by exploiting how JWT claims are resolved during login.
The flaw resides in `s...
The Lab · 2026-05-12 04:48:20 · r/cybersecurity
A sophisticated npm supply chain attack, codenamed Mini Shai-Hulud and attributed to the threat actor TeamPCP, has compromised over 160 packages, according to cybersecurity community reports. The campaign represents a notable escalation in software supply chain threats, moving beyond conventional typosquatting techniqu...