CVE-2026-25918 - unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)

CVE ID : CVE-2026-25918 Published : Feb. 9, 2026, 9:29 p.m. | 53 minutes ago Description : unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log aggregation systems. This vulnerability is fixed in 1.8.2. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...