Vulnerability Type: Sensitive Value Exposure in Generated Reports Affected Package: tfplan2md Affected Versions: < v1.26.1 Patched Versions: v1.26.1 Impact: Caused reports to render values that should have been masked as "(sensitive)" instead. Impacted AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and hierarchical sensitivity detection. Severity: High (8.5/10) CVE ID: CVE-2026-27640 CVSS v4 Base Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Attack Requirements: None - Privileges Required: Low - User Interaction: None - Vulnerable System Impact Metrics: - Confidentiality: High - Integrity: None - Availability: None - Subsequent System Impact Metrics: - Confidentiality: High - Integrity: High - Availability: High References: Related to GHSA-vrg5-jhph-q74p. Several related issues were discovered and fixed in v1.26.1. Patches: Fixed in v1.26.1 Workarounds: None