CVE-2026-24137
Path Traversal in Sigstore TUF Client Allows Arbitrary File Overwrite
Publication date: 2026-01-23
Last updated on: 2026-01-23
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sigstore | sigstore | up to and including 1.10.3 (affected) |
| sigstore | sigstore | 1.10.4 (fixed) |
| unknown_vendor | cosign | * (older releases that depend on the legacy TUF client) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24137 is a path traversal (CWE-22) vulnerability in the legacy TUF client of the sigstore library, affecting versions 1.10.3 and earlier. When caching targets to disk, the client builds the on-disk path by joining the cache base directory with the target file name taken from signed TUF metadata, and never checks that the result stays inside the cache directory. Because path elements such as '..' and directory separators in the target name are not neutralized, a malicious TUF repository can serve target metadata whose names resolve outside the cache directory, causing the client to overwrite arbitrary files, limited only by the permissions of the process running the client. The fix in 1.10.4 replaces the naive join with a safe path construction that percent-encodes the target name so it can no longer escape the base directory. [2, 3]
How can this vulnerability impact me?
An attacker who controls, or can tamper with, the TUF repository that a vulnerable client trusts can overwrite arbitrary files on the host running that client, limited by the permissions of the client process; depending on which files are reachable, this can compromise the integrity of the system or of the application embedding the legacy TUF client. Exploitation is rated as requiring high privileges and complex conditions, since the attacker must control the repository the client is configured to trust, and users of the public Sigstore deployment are not affected. Exposure is limited to clients that use the legacy TUF client directly and to older Cosign releases that depend on it. [2]
What immediate steps should I take to mitigate this vulnerability?
Upgrade to sigstore version 1.10.4 or later, which contains the fix. If you cannot upgrade immediately, disable the legacy TUF client's disk cache by setting the environment variable SIGSTORE_NO_CACHE=true, which removes the file write that the traversal abuses. Longer term, migrate from the legacy TUF client to the newer implementation at https://github.com/sigstore/sigstore-go/tree/main/pkg/tuf. Any of these steps prevents a malicious repository from turning crafted target names into writes outside the cache directory. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Start with inventory: the bug is in sigstore versions 1.10.3 and earlier, so check which version your software pulls in (for a Go build, `go list -m all | grep github.com/sigstore/sigstore`; for Cosign, `cosign version`) and treat anything below 1.10.4 that still uses the legacy TUF client as vulnerable. Because the vulnerability is triggered by malicious TUF repository metadata, exploitation leaves two kinds of evidence: target names in fetched metadata that contain '..' or directory separators, and files created or modified by the sigstore client or Cosign outside the configured cache base directory. Audit the cache directory for unexpected paths, and monitor the client process for writes outside it with whatever file-integrity or audit tooling you already run. The referenced resources do not provide a dedicated detection command for this CVE; the reliable remediation is to upgrade to 1.10.4 or later or to disable disk caching with SIGSTORE_NO_CACHE=true. [2, 3]
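The following Go program is an added example written for this page; it is not sigstore's code and does not reproduce the actual patch. It illustrates both the flawed pattern described in the explanation above (joining a cache base directory with a target name from metadata and trusting the result) and the audit described in the detection answer (scanning target names in a TUF targets document for entries that would escape the cache directory). The hardened SafeCachePath, the base directory `/var/cache/sigstore/tuf`, and the targets.json fragment are all assumptions constructed for the demonstration; the percent-encoding mirrors the approach the advisory attributes to the fix, with an explicit containment check added as defence in depth.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"path/filepath"
	"sort"
	"strings"
)

// UnsafeCachePath reproduces the vulnerable pattern: the target name taken
// from signed TUF metadata is joined to the cache base directory with no
// check that the cleaned result still lies inside that directory.
func UnsafeCachePath(base, target string) string {
	return filepath.Join(base, target)
}

// inside reports whether full is strictly below base (not base itself and
// not reachable only by walking up through "..").
func inside(base, full string) bool {
	rel, err := filepath.Rel(base, full)
	return err == nil && rel != "." && rel != ".." &&
		!strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// SafeCachePath is an illustrative hardened version (assumption: not the
// real sigstore patch). url.PathEscape turns "/", "\" and other special
// characters into %XX sequences, so the whole target name becomes a single
// file name under base; the containment check then catches the residual
// edge cases ("", "." and "..") that escaping alone leaves untouched.
func SafeCachePath(base, target string) (string, error) {
	encoded := url.PathEscape(target) // "../x" becomes "..%2Fx"
	full := filepath.Join(base, encoded)
	if !inside(base, full) {
		return "", fmt.Errorf("target %q escapes cache dir %q", target, base)
	}
	return full, nil
}

// targetsMeta mirrors the part of a TUF "targets" document that matters
// here: the signed.targets map keyed by target name.
type targetsMeta struct {
	Signed struct {
		Targets map[string]json.RawMessage `json:"targets"`
	} `json:"signed"`
}

// AuditTargets parses targets metadata and returns, sorted, every target
// name that the vulnerable join would resolve outside base.
func AuditTargets(base string, metadata []byte) ([]string, error) {
	var m targetsMeta
	if err := json.Unmarshal(metadata, &m); err != nil {
		return nil, err
	}
	var bad []string
	for name := range m.Signed.Targets {
		if !inside(base, UnsafeCachePath(base, name)) {
			bad = append(bad, name)
		}
	}
	sort.Strings(bad)
	return bad, nil
}

// sampleTargets is a constructed targets.json fragment, not real Sigstore
// metadata; the two hostile names are the kind a malicious repository could ship.
const sampleTargets = `{"signed":{"_type":"targets","targets":{
 "fulcio_v1.crt.pem":{"length":1,"hashes":{"sha256":"00"}},
 "../../../../etc/cron.d/job":{"length":1,"hashes":{"sha256":"00"}},
 "..":{"length":1,"hashes":{"sha256":"00"}}}}}`

func main() {
	base := "/var/cache/sigstore/tuf"
	for _, name := range []string{"fulcio_v1.crt.pem", "../../../../etc/cron.d/job", ".."} {
		safe, err := SafeCachePath(base, name)
		fmt.Printf("%-30q unsafe=%s safe=%s err=%v\n", name, UnsafeCachePath(base, name), safe, err)
	}
	bad, err := AuditTargets(base, []byte(sampleTargets))
	if err != nil {
		panic(err)
	}
	fmt.Println("target names that escape the cache dir:", bad)
}
```

Running it shows the hostile name resolving to `/etc/cron.d/job` under the unsafe join, while the hardened version stores the same name as one flat file inside the cache directory and rejects `..` outright; AuditTargets is the same containment logic applied to a metadata file instead of a single write.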