Skip to main content

sigstore-go CVE-2026-49834

MEDIUM
Insufficient Verification of Data Authenticity (CWE-345)
2026-07-09 https://github.com/sigstore/sigstore-go GHSA-9vcr-p3rj-q5q6
5.9
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
vuln.today AI
5.9 MEDIUM

Log compromise required (AC:H); attacker operates external log infrastructure so PR:N; pure integrity bypass with no confidentiality or availability impact.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 09, 2026 - 23:53 vuln.today

DescriptionGitHub Advisory

Impact

_What kind of vulnerability is it? Who is impacted?_

A verifier configured with WithTransparencyLog(N>1) or WithSignedCertificateTimestamps(N>1) expected defense-in-depth against the compromise of a single log instance. However, threshold counting counted verified witnesses per-entry or per-validation-path rather than per-log-authority.

As a result, a single compromised transparency log could forge multiple entries with different indices, and a single compromised CT log could verify multiple times (either across multiple certificate chains or via multiple embedded SCTs), fully satisfying the multi-log threshold requirements and defeating the multi-log policy.

Note that this does not affect Cosign, as Cosign sets a threshold of 1.

Patches

_Has the problem been patched? What versions should users upgrade to?_

Upgrade to v1.1.5.

Workarounds

_Is there a way for users to fix or remediate the vulnerability without upgrading?_

There is no workaround, beyond relying on trusted logs.

AnalysisAI

Threshold counting logic in sigstore-go's multi-log verification policy is bypassable by a single compromised transparency or CT log. When a verifier is configured with WithTransparencyLog(N>1) or WithSignedCertificateTimestamps(N>1), the intended defense-in-depth - requiring N distinct log authorities to independently vouch for an artifact - fails because counts accumulate per-entry or per-validation-path rather than per-log-authority. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Compromise or operate a trusted Rekor/CT log
Delivery
Forge multiple entries with distinct indices for malicious artifact
Exploit
Present forged entries to sigstore-go verifier
Execution
Per-entry counting satisfies N>1 threshold
Persist
Verifier accepts artifact as multi-log verified
Impact
Malicious artifact enters trusted pipeline

Vulnerability AssessmentAI

Exploitation Exploitation requires two conditions to hold simultaneously: (1) the consuming application must configure the sigstore-go verifier with WithTransparencyLog(N>1) or WithSignedCertificateTimestamps(N>1) - default Cosign usage with threshold=1 is explicitly confirmed unaffected; (2) the attacker must control or have already compromised at least one Rekor transparency log or CT log that is trusted by the verifier's policy. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N) yields a score of 5.9, which aligns with the realistic attack surface. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who controls or has compromised a single Rekor transparency log operator crafts multiple log entries at distinct tree indices for the same malicious artifact. A downstream pipeline running sigstore-go with WithTransparencyLog(3) expects three separate log authorities to have independently witnessed the artifact; instead, the verifier counts all three forged entries from the single compromised log, satisfies the threshold, and marks the artifact as verified - allowing a tampered or malicious binary to pass supply-chain integrity checks silently. …
Remediation Upgrade sigstore-go to v1.1.5, which is the vendor-released patch per the GitHub Security Advisory at https://github.com/sigstore/sigstore-go/security/advisories/GHSA-9vcr-p3rj-q5q6. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-49834 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy