Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Integrity-only bypass (I:H, C/A:N); AC:H because it requires the non-default certificateOIDs config plus a certificate that still passes the enforced SAN/issuer checks; no privileges or interaction needed.
Primary rating from Vendor (https://github.com/sigstore/sigstore-js).
CVSS VectorVendor: https://github.com/sigstore/sigstore-js
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
2Blast Radius
ecosystem impact- 3,403 npm packages depend on sigstore (89 direct, 3,315 indirect)
Ecosystem-wide dependent count for version 4.1.1.
DescriptionCVE.org
Summary
The documented certificateOIDs option in sigstore.verify() is accepted by the public API but discarded before verification, so required certificate extension OIDs are never checked.
Details
The public verify options include certificateOIDs and the documentation says those OID/value pairs “must be present in the certificate’s extension list.” The policy-construction path used by sigstore.verify() and createVerifier() only copies the SAN and issuer settings into the verification policy and completely ignores certificateOIDs.
As a result, callers can believe they are constraining verification to certificates carrying specific Fulcio or workload-identifying OIDs, while the actual verifier never receives those constraints. Any bundle that satisfies the remaining checks is accepted even if the required OID extensions are absent or mismatched.
This is reachable from supported usage through the documented certificateOIDs verify option.
PoC
const { createVerificationPolicy } = require("sigstore/dist/config");
const policy = createVerificationPolicy({
certificateIssuer: "https://issuer.example",
certificateIdentityEmail: "victim@example.com",
certificateOIDs: {
"1.2.3.4": "required-value",
},
});
console.log("certificateOIDs" in policy, JSON.stringify(policy));
// false {"subjectAlternativeName":"victim@example.com","extensions":{"issuer":"https://issuer.example"}}Impact
Applications that rely on certificateOIDs to restrict which certificates may sign artifacts receive no such protection. Unauthorized certificates that should be rejected on extension policy can be accepted as long as they satisfy the remaining verification checks.
AnalysisAI
Signature verification policy bypass in the sigstore npm package allows attackers to have unauthorized signing certificates accepted despite explicit OID-based restrictions. The documented certificateOIDs verify option - used by sigstore.verify() and createVerifier() to require specific Fulcio/workload-identity extension OIDs - is silently discarded during policy construction, so those extension constraints are never enforced while callers believe they are. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target application invokes `sigstore.verify()` or `createVerifier()`/`createVerificationPolicy()` with the `certificateOIDs` option set and treats those OID/value pairs as a security-relevant restriction - this is a non-default, opt-in usage, not the library baseline. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), reflecting an integrity-only impact with no confidentiality or availability loss - consistent with a verification bypass rather than code execution or data disclosure. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An organization verifies signed artifacts with `sigstore.verify()` and passes `certificateOIDs` to require a workload-identity extension that only its trusted build system's Fulcio certificates carry. Because that constraint is silently discarded, an attacker who obtains any certificate matching the configured issuer and identity - but lacking the required OID - can produce a bundle that passes verification, and the application accepts a malicious artifact it should have rejected. … |
| Remediation | Upgrade to the fixed release of the sigstore npm package as directed by advisory GHSA-52v5-jr5w-gjxr (https://github.com/sigstore/sigstore-js/security/advisories/GHSA-52v5-jr5w-gjxr); the exact patched version is not present in the provided data and should be taken from the advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Jwt Attack
View allWhy is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update
Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke
Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS
The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT
A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti
A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27
A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work
The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t
cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote
Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44494
GHSA-52v5-jr5w-gjxr