CVE-2026-22703
Improper Verification in Cosign Bundle Enables Signature Forgery
Publication date: 2026-01-10
Last updated on: 2026-02-05
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sigstore | cosign | to 3.0.4 (exc) |
| sigstore | cosign | to 3.0.3 (inc) |
| sigstore | cosign | 2.6.2 |
| sigstore | cosign | 3.0.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-345 | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect if your system is vulnerable to CVE-2026-22703, you should first check the version of Cosign installed. Versions prior to 2.6.2 and 3.0.4 are vulnerable. You can check the version by running the command: ``` cosign version ``` If you are using a vulnerable version, you should upgrade to at least 2.6.2 or 3.0.4. Additionally, to verify if a Cosign bundle is properly validated, you can run Cosign verification commands with appropriate flags. For example, verify a signed artifact with: ``` cosign verify --key <public-key-file> <signed-artifact> ``` Ensure you are using the recommended flags such as `--use-signing-config=true` and `--new-bundle-format=true` (default in Cosign v3) to avoid the vulnerability. If you want to check for suspicious or crafted bundles that might exploit this vulnerability, you would need to audit the Rekor transparency log entries and verify that the artifact digest, signature, and public key match the Rekor entry. However, there are no specific commands provided in the resources for detecting crafted bundles on your network. In summary, detection involves: - Checking Cosign version - Verifying signatures with proper flags and trusted keys - Auditing Rekor entries for mismatches (manual or scripted, not detailed here) Upgrading Cosign to patched versions is the primary mitigation and detection step. [2, 1, 3]
Can you explain this vulnerability to me?
This vulnerability in Cosign allows a crafted Cosign bundle to be accepted as valid even if the embedded Rekor transparency log entry does not reference the artifact's digest, signature, or public key. This happens because Cosign's verification process did not always compare the bundle's signature and public key against the Rekor entry unless a trusted root was used. As a result, a malicious actor who has compromised a user's identity or signing key could create a valid Cosign bundle with any arbitrary Rekor entry, bypassing proper verification and preventing auditing of the signing event. The issue was fixed by ensuring that the signature and public key are always compared against the Rekor entry, regardless of trusted root presence. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a malicious actor who has compromised your identity or signing key to create a valid Cosign bundle that includes arbitrary Rekor entries. This means that the authenticity of signed artifacts can be undermined, and you may not be able to audit or verify the signing events properly. Consequently, this could lead to acceptance of tampered or unauthorized artifacts, compromising the integrity of your software supply chain. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2026-22703, immediately upgrade Cosign to version 2.6.2 or 3.0.4 or later, where the vulnerability is patched. Alternatively, if upgrading is not possible immediately, provide trusted Rekor public key material via the SIGSTORE_REKOR_PUBLIC_KEY environment variable and use the flags --use-signing-config=false and --new-bundle-format=false during verification to enforce stricter verification. These steps prevent acceptance of crafted Cosign bundles that bypass verification checks. [2]