In-Depth Analysis of CVE-2026-48036: @hulumi/drift Vulnerability
A critical vulnerability was discovered in the @hulumi/drift package, affecting versions prior to 1.4.0. The vulnerability, classified as CWE-755 (Improper Handling of Exceptional Conditions), allows the drift classifier to fail open on adapter errors and over-promote Mixed verdicts, potentially masking real attacks or falsely escalating incident severity.