CVE-2026-8804
The CVE concerns Puppet’s resource_api (bundled with Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x). A vulnerability exists where the sensitive flag on parameters defined via the resource-api is not preserved, causing values such as passwords to be stored in cleartext in the agent’s l...