CVE-2026-27640 — HIGH (7.5)

Q: How severe is CVE-2026-27640?

CVE-2026-27640 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-27640?

Check the references section above for vendor advisories and patch information. Affected products include: Oocx Tfplan2Md.

Vulnerability Description

tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affected several distinct rendering paths: AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and hierarchical sensitivity detection. This caused reports to render values that should have been masked as "(sensitive)" instead. This issue is fixed in v1.26.1. No known workarounds are available.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Oocx	Tfplan2Md	< 1.26.1

Related Weaknesses (CWE)

CWE-212

References

https://github.com/oocx/tfplan2md/releases/tag/v1.26.1ProductRelease Notes
https://github.com/oocx/tfplan2md/security/advisories/GHSA-5j8r-g94q-2f39Vendor Advisory

FAQ

What is CVE-2026-27640?

CVE-2026-27640 is a vulnerability with a CVSS score of 7.5 (HIGH). tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affected several distinct rendering paths: AzApi resour...

How severe is CVE-2026-27640?

CVE-2026-27640 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-27640?

Check the references section above for vendor advisories and patch information. Affected products include: Oocx Tfplan2Md.