PT-2026-21856 · Tfplan2Md · Tfplan2Md

Oocx · Published 2026-02-25 · Updated 2026-03-04 · CVE-2026-27640

CVSS v4.0: 8.5 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

tfplan2md versions prior to 1.26.1

Description

tfplan2md is software used to convert Terraform plan JSON files into Markdown reports. Versions of the software prior to 1.26.1 had a flaw where sensitive values that should have been masked as "(sensitive)" were instead rendered in plain text in several rendering paths: AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and hierarchical sensitivity detection. This resulted in potential exposure of sensitive data.

Recommendations

Update to version 1.26.1 or later.
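
To check whether a report that was already generated exposed anything, the sketch below compares a Terraform plan JSON against the rendered Markdown. It is an added example, not tfplan2md code; it assumes the `resource_changes[].change` layout of Terraform's JSON plan (`before`/`after` with the parallel `before_sensitive`/`after_sensitive` masks), and the function names, sample plan and sample reports are constructed for illustration.

```python
def sensitive_scalars(value, mask):
    """Yield scalars in `value` that the parallel `mask` marks sensitive.
    A mask of True at any level covers the whole subtree beneath it."""
    if mask is True:
        if isinstance(value, dict):
            for child in value.values():
                yield from sensitive_scalars(child, True)
        elif isinstance(value, list):
            for child in value:
                yield from sensitive_scalars(child, True)
        elif value is not None and not isinstance(value, bool):
            yield str(value)
    elif isinstance(mask, dict) and isinstance(value, dict):
        for key, sub in mask.items():
            if key in value:
                yield from sensitive_scalars(value[key], sub)
    elif isinstance(mask, list) and isinstance(value, list):
        for child, sub in zip(value, mask):
            yield from sensitive_scalars(child, sub)

def leaked_values(plan, report_md, min_len=4):
    """Map resource address -> sensitive values found verbatim in the report."""
    leaks = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        found = set()
        for side in ("before", "after"):
            mask = change.get(side + "_sensitive")
            for text in sensitive_scalars(change.get(side), mask):
                # Skip very short values: they match unrelated report text.
                if len(text) >= min_len and text in report_md:
                    found.add(text)
        if found:
            leaks[rc["address"]] = sorted(found)
    return leaks

# Constructed sample plan and reports (not taken from the advisory).
PLAN = {"resource_changes": [
    {"address": "azapi_resource.app", "change": {
        "before": None,
        "after": {"name": "app", "body": {"properties": {
            "connectionString": "Server=db;Password=Constructed-Pw-1"}}},
        "after_sensitive": {"body": True}}},
    {"address": "random_password.db", "change": {
        "before": None,
        "after": {"length": 16, "result": "constructed-secret-2"},
        "after_sensitive": {"result": True}}},
]}
REPORT_LEAKY = "| connectionString | Server=db;Password=Constructed-Pw-1 |\n| result | (sensitive) |"
REPORT_MASKED = "| connectionString | (sensitive) |\n| result | (sensitive) |"
```

For real use, load the output of `terraform show -json` with `json.load` and pass it with the report text to `leaked_values`; any value it returns should be treated as exposed and rotated.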

Related Identifiers

CVE-2026-27640
GHSA-5J8R-G94Q-2F39

Affected Products

Tfplan2Md