tfplan2md Sensitive Value Exposure Vulnerability
Vulnerability
A vulnerability in tfplan2md prior to version 1.26.1 allows sensitive Terraform values to be written in plaintext into the generated Markdown reports. Several rendering paths are affected, including AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and hierarchical sensitivity detection (sensitivity markers on nested attributes). As a result, values that should have been masked as '(sensitive)' were instead rendered openly. The vulnerability has been addressed in version 1.26.1.
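The hierarchical part of the problem is easiest to see on the plan JSON itself. In a Terraform plan, `change.after_sensitive` mirrors `change.after`: a bare `true` marks a whole subtree as sensitive, a nested object or list marks individual leaves, and a missing key means "not sensitive", so a renderer must carry the marker down every path rather than only checking top-level attributes. The following is an added illustration, not tfplan2md's own code; the AzApi-shaped sample change, the function names and the secret value are all constructed, and `leaked_values` is the post-render check a report generator can run to confirm no marked value survived masking.

```python
import json
MASK = "(sensitive)"

def child_mark(sensitive, key):
    """Marker for one child of a node; a bare True covers the whole subtree."""
    if sensitive is True:
        return True
    if isinstance(sensitive, dict):
        return sensitive.get(key, False)
    if isinstance(sensitive, list) and isinstance(key, int) and key < len(sensitive):
        return sensitive[key]
    return False  # missing marker means "not sensitive"

def mask_sensitive(value, sensitive):
    """Return `value` with every node marked in the parallel `sensitive` tree masked."""
    if sensitive is True:
        return MASK
    if isinstance(value, dict):
        return {k: mask_sensitive(v, child_mark(sensitive, k)) for k, v in value.items()}
    if isinstance(value, list):
        return [mask_sensitive(v, child_mark(sensitive, i)) for i, v in enumerate(value)]
    return value

def sensitive_leaves(value, sensitive):
    """Plaintext scalars the plan marks sensitive, used for a post-render leak check."""
    if isinstance(value, dict):
        return [s for k, v in value.items() for s in sensitive_leaves(v, child_mark(sensitive, k))]
    if isinstance(value, list):
        return [s for i, v in enumerate(value) for s in sensitive_leaves(v, child_mark(sensitive, i))]
    return [str(value)] if sensitive is True and value is not None else []

def render_change(resource_change, masked=True):
    """Render the `after` state as a report would; masked=False reproduces the flaw."""
    change = resource_change["change"]
    after = change.get("after")
    if masked:
        after = mask_sensitive(after, change.get("after_sensitive", False))
    return json.dumps(after, indent=2, sort_keys=True)

def leaked_values(resource_change, rendered):
    """Sensitive plaintext values that still appear in a rendered report."""
    change = resource_change["change"]
    leaves = sensitive_leaves(change.get("after"), change.get("after_sensitive", False))
    return sorted({s for s in leaves if s in rendered})

# Constructed sample shaped like an AzApi resource change; not a real plan or real secret.
SAMPLE = {"address": "azapi_resource.sql", "change": {
    "after": {"name": "sql-prod", "tags": {"env": "prod"}, "body": {"properties": {
        "administratorLogin": "sqladmin", "administratorLoginPassword": "Hunter2!"}}},
    "after_sensitive": {"tags": {}, "body": {"properties": {"administratorLoginPassword": True}}}}}
```

Running `leaked_values(SAMPLE, render_change(SAMPLE, masked=False))` returns the password, which is exactly the class of leak the advisory describes; with masking applied the list is empty.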
Impact
This vulnerability can disclose sensitive information to anyone who can read a generated report. Exposed values include passwords and secrets, such as Azure administrator login passwords and client secrets.
Remediation
Upgrade to tfplan2md version 1.26.1 to address this vulnerability. The release is available on the tfplan2md GitHub Releases page.
