CVE-2026-25918

by Fred · 09/02/2026

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the –verbose flag is used. Command-line arguments including –email and –password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log aggregation systems. This vulnerability is fixed in 1.8.2.

More information : https://github.com/RageAgainstThePixel/unity-cli/commit/8d4d67b23d7c5fd8f00df3f0f10bec2961c95342

CVE-2026-25918

Similar

Recent Posts

Categories

CVE-2026-25918

Share this:

Similar

Recent Posts

Categories

Tags