CVE-2026-25918 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive cre…
Medium CVSS: 5.9

CVE-2026-25918

unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log aggregation systems. This vulnerability is fixed in 1.8.2.
Vendor
Rageagainstthepixel
Product
Unity-cli
CWE
CWE-532
Yayın Tarihi
2026-02-09 22:16:04
Güncelleme
2026-02-28 00:16:27
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-532 Unity-cli MEDIUM Rageagainstthepixel 2026

Referanslar

https://github.com/RageAgainstThePixel/unity-cli/commit/8d4d67b23d7c5fd8f00df3f0f10bec2961c95342 https://github.com/RageAgainstThePixel/unity-cli/releases/tag/v1.8.2 https://github.com/RageAgainstThePixel/unity-cli/security/advisories/GHSA-4255-c27h-62m5