Vulnerability in Perforce Puppet Core

CVE-2026-8804

Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the a…

Affected products

Weakness classification (CWE)

References