CVE-2026-24137
Description
sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client (pkg/tuf/client.go) supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from signed target metadata; however, it does not validate that the resulting path stays within the cache base directory. A malicious TUF repository can trigger arbitrary file overwriting, limited to the permissions that the calling process has. Note that this should only affect clients that are directly using the TUF client in sigstore/sigstore or are using an older version of Cosign. Public Sigstore deployment users are unaffected, as TUF metadata is validated by a quorum of trusted collaborators. This issue has been fixed in version 1.10.4. As a workaround, users can disable disk caching for the legacy client by setting SIGSTORE_NO_CACHE=true in the environment, migrate to https://github.com/sigstore/sigstore-go/tree/main/pkg/tuf, or upgrade to the latest sigstore/sigstore release.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/sigstore/sigstoreGo | < 1.10.4 | 1.10.4 |
Affected products
247- osv-coords246 versionspkg:apk/chainguard/aactlpkg:apk/chainguard/buildahpkg:apk/chainguard/buildkitdpkg:apk/chainguard/buildkitd-fipspkg:apk/chainguard/cgpkg:apk/chainguard/chainctlpkg:apk/chainguard/cloudbeat-8.19pkg:apk/chainguard/cloudbeat-9.1pkg:apk/chainguard/cloudbeat-9.2pkg:apk/chainguard/cloudbeat-fips-8.19pkg:apk/chainguard/cloudbeat-fips-9.2pkg:apk/chainguard/cosignpkg:apk/chainguard/cosign-fipspkg:apk/chainguard/crossplane-1.20pkg:apk/chainguard/crossplane-2.0pkg:apk/chainguard/crossplane-2.1pkg:apk/chainguard/crossplane-fips-1.20pkg:apk/chainguard/crossplane-fips-2.0pkg:apk/chainguard/crossplane-fips-2.1pkg:apk/chainguard/docker-composepkg:apk/chainguard/docker-compose-fipspkg:apk/chainguard/falcoctlpkg:apk/chainguard/falcoctl-fipspkg:apk/chainguard/falco-no-driverpkg:apk/chainguard/flux-source-controllerpkg:apk/chainguard/flux-source-controller-fipspkg:apk/chainguard/fulciopkg:apk/chainguard/fulcio-fipspkg:apk/chainguard/ghpkg:apk/chainguard/gitsignpkg:apk/chainguard/gitsign-credential-cachepkg:apk/chainguard/goreleaserpkg:apk/chainguard/guacingestpkg:apk/chainguard/guaconepkg:apk/chainguard/image-factorypkg:apk/chainguard/image-factory-fipspkg:apk/chainguard/kopkg:apk/chainguard/ko-fipspkg:apk/chainguard/kotspkg:apk/chainguard/kubescapepkg:apk/chainguard/kyverno-1.15pkg:apk/chainguard/kyverno-1.16pkg:apk/chainguard/kyverno-background-controller-1.15pkg:apk/chainguard/kyverno-background-controller-1.16pkg:apk/chainguard/kyverno-background-controller-fips-1.16pkg:apk/chainguard/kyverno-cleanup-controller-1.15pkg:apk/chainguard/kyverno-cleanup-controller-1.16pkg:apk/chainguard/kyverno-cleanup-controller-fips-1.16pkg:apk/chainguard/kyverno-cli-1.15pkg:apk/chainguard/kyverno-cli-1.16pkg:apk/chainguard/kyverno-cli-fips-1.16pkg:apk/chainguard/kyverno-fips-1.16pkg:apk/chainguard/kyverno-init-container-1.15pkg:apk/chainguard/kyverno-init-container-1.16pkg:apk/chainguard/kyverno-init-container-fips-1.16pkg:apk/chainguard/kyverno-notation-awspkg:apk/chainguard/kyverno-notation-aws-fipspkg:apk/chainguard/kyverno-policy-reporter-plugins-kyvernopkg:apk/chainguard/kyverno-policy-reporter-plugins-kyverno-fipspkg:apk/chainguard/kyverno-reports-controller-1.15pkg:apk/chainguard/kyverno-reports-controller-1.16pkg:apk/chainguard/kyverno-reports-controller-fips-1.16pkg:apk/chainguard/neuvector-sigstore-interfacepkg:apk/chainguard/neuvector-sigstore-interface-fipspkg:apk/chainguard/podmanpkg:apk/chainguard/podman-fipspkg:apk/chainguard/policy-controllerpkg:apk/chainguard/policy-controller-fipspkg:apk/chainguard/policy-controller-testerpkg:apk/chainguard/policy-controller-tester-fipspkg:apk/chainguard/portierispkg:apk/chainguard/portieris-fipspkg:apk/chainguard/prometheus-podman-exporterpkg:apk/chainguard/prometheus-podman-exporter-fipspkg:apk/chainguard/ratifypkg:apk/chainguard/ratify-fipspkg:apk/chainguard/rekor-backfill-indexpkg:apk/chainguard/rekor-clipkg:apk/chainguard/rekor-fips-backfill-indexpkg:apk/chainguard/rekor-fips-clipkg:apk/chainguard/rekor-fips-serverpkg:apk/chainguard/rekor-serverpkg:apk/chainguard/sigstore-scaffolding-ctlog-createctconfigpkg:apk/chainguard/sigstore-scaffolding-ctlog-managectrootspkg:apk/chainguard/sigstore-scaffolding-ctlog-verifyfulciopkg:apk/chainguard/sigstore-scaffolding-fips-ctlog-createctconfigpkg:apk/chainguard/sigstore-scaffolding-fips-ctlog-managectrootspkg:apk/chainguard/sigstore-scaffolding-fips-ctlog-verifyfulciopkg:apk/chainguard/sigstore-scaffolding-fips-tsa-createcertchainpkg:apk/chainguard/sigstore-scaffolding-fips-tuf-serverpkg:apk/chainguard/sigstore-scaffolding-tsa-createcertchainpkg:apk/chainguard/sigstore-scaffolding-tuf-serverpkg:apk/chainguard/skaffoldpkg:apk/chainguard/skaffold-fipspkg:apk/chainguard/skopeopkg:apk/chainguard/skopeo-fipspkg:apk/chainguard/slsa-verifierpkg:apk/chainguard/spire-agentpkg:apk/chainguard/spire-agent-fipspkg:apk/chainguard/tekton-chainspkg:apk/chainguard/tekton-chains-fipspkg:apk/chainguard/tekton-pipelines-controller-0.59pkg:apk/chainguard/tekton-pipelines-controller-0.62pkg:apk/chainguard/tekton-pipelines-controller-0.65pkg:apk/chainguard/tekton-pipelines-controller-0.68pkg:apk/chainguard/tekton-pipelines-controller-1.0pkg:apk/chainguard/tekton-pipelines-controller-1.3pkg:apk/chainguard/tekton-pipelines-controller-1.4pkg:apk/chainguard/tekton-pipelines-controller-1.5pkg:apk/chainguard/tekton-pipelines-controller-1.6pkg:apk/chainguard/tekton-pipelines-controller-1.7pkg:apk/chainguard/tekton-pipelines-controller-fips-0.59pkg:apk/chainguard/tekton-pipelines-controller-fips-0.62pkg:apk/chainguard/tekton-pipelines-controller-fips-0.65pkg:apk/chainguard/tekton-pipelines-controller-fips-0.68pkg:apk/chainguard/tekton-pipelines-controller-fips-1.0pkg:apk/chainguard/tekton-pipelines-controller-fips-1.3pkg:apk/chainguard/tekton-pipelines-controller-fips-1.4pkg:apk/chainguard/tekton-pipelines-controller-fips-1.5pkg:apk/chainguard/tekton-pipelines-controller-fips-1.6pkg:apk/chainguard/tekton-pipelines-controller-fips-1.7pkg:apk/chainguard/tekton-pipelines-controller-fips-1.9pkg:apk/chainguard/teleport-17pkg:apk/chainguard/teleport-17-kube-agent-updaterpkg:apk/chainguard/teleport-17-operatorpkg:apk/chainguard/teleport-18pkg:apk/chainguard/teleport-18.6pkg:apk/chainguard/teleport-18.6-kube-agent-updaterpkg:apk/chainguard/teleport-18.6-operatorpkg:apk/chainguard/teleport-18-kube-agent-updaterpkg:apk/chainguard/teleport-18-kube-agent-updater-compatpkg:apk/chainguard/teleport-18-operatorpkg:apk/chainguard/teleport-18-operator-compatpkg:apk/chainguard/teleport-operator-fips-17pkg:apk/chainguard/teleport-operator-fips-18pkg:apk/chainguard/tflintpkg:apk/chainguard/tflint-fipspkg:apk/chainguard/timestamp-authority-clipkg:apk/chainguard/timestamp-authority-fips-clipkg:apk/chainguard/timestamp-authority-fips-serverpkg:apk/chainguard/timestamp-authority-serverpkg:apk/chainguard/tknpkg:apk/chainguard/tkn-fipspkg:apk/chainguard/trivypkg:apk/chainguard/trivy-fipspkg:apk/chainguard/trivy-operatorpkg:apk/chainguard/trivy-operator-fipspkg:apk/chainguard/undockpkg:apk/chainguard/vexctlpkg:apk/chainguard/witnesspkg:apk/chainguard/xeolpkg:apk/chainguard/xeol-fipspkg:apk/chainguard/zarfpkg:apk/chainguard/zotpkg:apk/wolfi/aactlpkg:apk/wolfi/buildahpkg:apk/wolfi/buildkitdpkg:apk/wolfi/cosignpkg:apk/wolfi/cosign-fipspkg:apk/wolfi/crossplane-2.1pkg:apk/wolfi/docker-composepkg:apk/wolfi/falcoctlpkg:apk/wolfi/falco-no-driverpkg:apk/wolfi/flux-source-controllerpkg:apk/wolfi/fulciopkg:apk/wolfi/ghpkg:apk/wolfi/gitsignpkg:apk/wolfi/gitsign-credential-cachepkg:apk/wolfi/goreleaserpkg:apk/wolfi/guacingestpkg:apk/wolfi/guaconepkg:apk/wolfi/kopkg:apk/wolfi/ko-fipspkg:apk/wolfi/kotspkg:apk/wolfi/kubescapepkg:apk/wolfi/kyverno-1.15pkg:apk/wolfi/kyverno-1.16pkg:apk/wolfi/kyverno-background-controller-1.15pkg:apk/wolfi/kyverno-background-controller-1.16pkg:apk/wolfi/kyverno-cleanup-controller-1.15pkg:apk/wolfi/kyverno-cleanup-controller-1.16pkg:apk/wolfi/kyverno-cli-1.15pkg:apk/wolfi/kyverno-cli-1.16pkg:apk/wolfi/kyverno-init-container-1.15pkg:apk/wolfi/kyverno-init-container-1.16pkg:apk/wolfi/kyverno-notation-awspkg:apk/wolfi/kyverno-reports-controller-1.15pkg:apk/wolfi/kyverno-reports-controller-1.16pkg:apk/wolfi/neuvector-sigstore-interfacepkg:apk/wolfi/podmanpkg:apk/wolfi/policy-controllerpkg:apk/wolfi/policy-controller-testerpkg:apk/wolfi/portierispkg:apk/wolfi/prometheus-podman-exporterpkg:apk/wolfi/ratifypkg:apk/wolfi/rekor-backfill-indexpkg:apk/wolfi/rekor-clipkg:apk/wolfi/rekor-serverpkg:apk/wolfi/sigstore-scaffolding-ctlog-createctconfigpkg:apk/wolfi/sigstore-scaffolding-ctlog-managectrootspkg:apk/wolfi/sigstore-scaffolding-ctlog-verifyfulciopkg:apk/wolfi/sigstore-scaffolding-tsa-createcertchainpkg:apk/wolfi/sigstore-scaffolding-tuf-serverpkg:apk/wolfi/skaffoldpkg:apk/wolfi/skopeopkg:apk/wolfi/slsa-verifierpkg:apk/wolfi/spire-agentpkg:apk/wolfi/tekton-chainspkg:apk/wolfi/tekton-pipelines-controller-1.0pkg:apk/wolfi/tekton-pipelines-controller-1.3pkg:apk/wolfi/tekton-pipelines-controller-1.4pkg:apk/wolfi/tekton-pipelines-controller-1.5pkg:apk/wolfi/tekton-pipelines-controller-1.6pkg:apk/wolfi/tekton-pipelines-controller-1.7pkg:apk/wolfi/teleport-17pkg:apk/wolfi/teleport-18pkg:apk/wolfi/teleport-18.6pkg:apk/wolfi/teleport-18.6-kube-agent-updaterpkg:apk/wolfi/teleport-18.6-operatorpkg:apk/wolfi/teleport-18-kube-agent-updaterpkg:apk/wolfi/teleport-18-kube-agent-updater-compatpkg:apk/wolfi/teleport-18-operatorpkg:apk/wolfi/teleport-18-operator-compatpkg:apk/wolfi/tflintpkg:apk/wolfi/timestamp-authority-clipkg:apk/wolfi/timestamp-authority-serverpkg:apk/wolfi/tknpkg:apk/wolfi/trivypkg:apk/wolfi/trivy-operatorpkg:apk/wolfi/undockpkg:apk/wolfi/vexctlpkg:apk/wolfi/witnesspkg:apk/wolfi/xeolpkg:apk/wolfi/zarfpkg:apk/wolfi/zotpkg:golang/github.com/sigstore/sigstorepkg:rpm/opensuse/apptainer&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/cosign&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cosign&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cosign&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/vexctl&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/vexctl&distro=openSUSE%20Tumbleweedpkg:rpm/suse/cosign&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/cosign&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/cosign&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 0.4.12-r43+ 245 more
- (no CPE)range: < 0.4.12-r43
- (no CPE)range: < 1.42.2-r4
- (no CPE)range: < 0.27.1-r2
- (no CPE)range: < 0.27.1-r0
- (no CPE)range: < 0.2.200-r0
- (no CPE)range: < 0.2.197-r0
- (no CPE)range: < 8.19.12-r0
- (no CPE)range: < 9.1.10-r23
- (no CPE)range: < 9.2.5-r1
- (no CPE)range: < 8.19.12-r0
- (no CPE)range: < 9.2.5-r1
- (no CPE)range: < 3.0.4-r2
- (no CPE)range: < 3.0.4-r3
- (no CPE)range: < 1.20.5-r0
- (no CPE)range: < 2.0.6-r5
- (no CPE)range: < 2.1.3-r5
- (no CPE)range: < 1.20.4-r3
- (no CPE)range: < 2.0.6-r6
- (no CPE)range: < 2.1.3-r6
- (no CPE)range: < 5.1.0-r1
- (no CPE)range: < 5.1.0-r1
- (no CPE)range: < 0.12.2-r0
- (no CPE)range: < 0.12.2-r0
- (no CPE)range: < 0.43.0-r1
- (no CPE)range: < 1.7.4-r6
- (no CPE)range: < 1.7.4-r6
- (no CPE)range: < 1.8.5-r1
- (no CPE)range: < 1.8.5-r1
- (no CPE)range: < 2.86.0-r0
- (no CPE)range: < 0.14.0-r0
- (no CPE)range: < 0.14.0-r0
- (no CPE)range: < 2.13.3-r4
- (no CPE)range: < 1.1.0-r0
- (no CPE)range: < 1.1.0-r0
- (no CPE)range: < 1.0.2-r0
- (no CPE)range: < 0.9.0-r5
- (no CPE)range: < 0.18.1-r2
- (no CPE)range: < 0.18.1-r2
- (no CPE)range: < 1.129.3-r1
- (no CPE)range: < 4.0.0-r0
- (no CPE)range: < 1.15.3-r22
- (no CPE)range: < 1.16.3-r2
- (no CPE)range: < 1.15.3-r22
- (no CPE)range: < 1.16.3-r2
- (no CPE)range: < 1.16.3-r3
- (no CPE)range: < 1.15.3-r22
- (no CPE)range: < 1.16.3-r2
- (no CPE)range: < 1.16.3-r3
- (no CPE)range: < 1.15.3-r22
- (no CPE)range: < 1.16.3-r2
- (no CPE)range: < 1.16.3-r3
- (no CPE)range: < 1.16.3-r3
- (no CPE)range: < 1.15.3-r22
- (no CPE)range: < 1.16.3-r2
- (no CPE)range: < 1.16.3-r3
- (no CPE)range: < 1.1-r30
- (no CPE)range: < 1.1-r33
- (no CPE)range: < 0.5.3-r2
- (no CPE)range: < 0.5.3-r5
- (no CPE)range: < 1.15.3-r22
- (no CPE)range: < 1.16.3-r2
- (no CPE)range: < 1.16.3-r3
- (no CPE)range: < 0_git20251212-r4
- (no CPE)range: < 0_git20260130-r0
- (no CPE)range: < 5.7.1-r5
- (no CPE)range: < 5.7.1-r4
- (no CPE)range: < 0.15.1-r0
- (no CPE)range: < 0.15.1-r0
- (no CPE)range: < 0.15.1-r0
- (no CPE)range: < 0.15.1-r0
- (no CPE)range: < 0.13.35-r0
- (no CPE)range: < 0.13.34-r2
- (no CPE)range: < 1.20.0-r2
- (no CPE)range: < 1.20.0-r2
- (no CPE)range: < 1.4.0-r10
- (no CPE)range: < 1.4.0-r10
- (no CPE)range: < 1.5.0-r1
- (no CPE)range: < 1.5.0-r1
- (no CPE)range: < 1.5.0-r1
- (no CPE)range: < 1.5.0-r1
- (no CPE)range: < 1.5.0-r1
- (no CPE)range: < 1.5.0-r1
- (no CPE)range: < 0.7.31-r5
- (no CPE)range: < 0.7.31-r5
- (no CPE)range: < 0.7.31-r5
- (no CPE)range: < 0.7.31-r6
- (no CPE)range: < 0.7.31-r6
- (no CPE)range: < 0.7.31-r6
- (no CPE)range: < 0.7.31-r6
- (no CPE)range: < 0.7.31-r6
- (no CPE)range: < 0.7.31-r5
- (no CPE)range: < 0.7.31-r5
- (no CPE)range: < 2.17.1-r5
- (no CPE)range: < 2.17.1-r2
- (no CPE)range: < 1.21.0-r3
- (no CPE)range: < 1.21.0-r5
- (no CPE)range: < 2.7.1-r9
- (no CPE)range: < 1.14.1-r3
- (no CPE)range: < 1.14.1-r3
- (no CPE)range: < 0.26.0-r6
- (no CPE)range: < 0.26.0-r5
- (no CPE)range: < 0.59.6-r12
- (no CPE)range: < 0.62.9-r12
- (no CPE)range: < 0.65.7-r12
- (no CPE)range: < 0.68.1-r10
- (no CPE)range: < 1.0.0-r13
- (no CPE)range: < 1.3.2-r5
- (no CPE)range: < 1.4.0-r4
- (no CPE)range: < 1.5.0-r4
- (no CPE)range: < 1.6.0-r2
- (no CPE)range: < 1.7.0-r2
- (no CPE)range: < 0.59.6-r11
- (no CPE)range: < 0.62.9-r11
- (no CPE)range: < 0.65.7-r12
- (no CPE)range: < 0.68.1-r10
- (no CPE)range: < 1.0.0-r10
- (no CPE)range: < 1.3.2-r5
- (no CPE)range: < 1.4.0-r4
- (no CPE)range: < 1.5.0-r3
- (no CPE)range: < 1.6.0-r1
- (no CPE)range: < 1.7.0-r1
- (no CPE)range: < 1.9.0-r1
- (no CPE)range: < 17.7.23-r0
- (no CPE)range: < 17.7.23-r0
- (no CPE)range: < 17.7.23-r0
- (no CPE)range: < 18.7.5-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 18.7.2-r12
- (no CPE)range: < 18.7.2-r12
- (no CPE)range: < 18.7.2-r12
- (no CPE)range: < 18.7.2-r12
- (no CPE)range: < 17.7.19-r2
- (no CPE)range: < 18.7.1-r1
- (no CPE)range: < 0.60.0-r6
- (no CPE)range: < 0.60.0-r6
- (no CPE)range: < 2.0.4-r1
- (no CPE)range: < 2.0.4-r1
- (no CPE)range: < 2.0.4-r1
- (no CPE)range: < 2.0.4-r1
- (no CPE)range: < 0.43.0-r3
- (no CPE)range: < 0.43.0-r4
- (no CPE)range: < 0.69.0-r0
- (no CPE)range: < 0.69.0-r0
- (no CPE)range: < 0.29.0-r8
- (no CPE)range: < 0.29.0-r8
- (no CPE)range: < 0.11.0-r3
- (no CPE)range: < 0.4.1-r9
- (no CPE)range: < 0.10.2-r3
- (no CPE)range: < 0.10.8-r22
- (no CPE)range: < 0.10.8-r20
- (no CPE)range: < 0.70.1-r4
- (no CPE)range: < 2.1.14-r0
- (no CPE)range: < 0.4.12-r43
- (no CPE)range: < 1.42.2-r4
- (no CPE)range: < 0.27.1-r2
- (no CPE)range: < 3.0.4-r2
- (no CPE)range: < 3.0.4-r3
- (no CPE)range: < 2.1.3-r5
- (no CPE)range: < 5.1.0-r1
- (no CPE)range: < 0.12.2-r0
- (no CPE)range: < 0.43.0-r1
- (no CPE)range: < 1.7.4-r6
- (no CPE)range: < 1.8.5-r1
- (no CPE)range: < 2.86.0-r0
- (no CPE)range: < 0.14.0-r0
- (no CPE)range: < 0.14.0-r0
- (no CPE)range: < 2.13.3-r4
- (no CPE)range: < 1.1.0-r0
- (no CPE)range: < 1.1.0-r0
- (no CPE)range: < 0.18.1-r2
- (no CPE)range: < 0.18.1-r2
- (no CPE)range: < 1.129.3-r1
- (no CPE)range: < 4.0.0-r0
- (no CPE)range: < 1.15.3-r22
- (no CPE)range: < 1.16.3-r2
- (no CPE)range: < 1.15.3-r22
- (no CPE)range: < 1.16.3-r2
- (no CPE)range: < 1.15.3-r22
- (no CPE)range: < 1.16.3-r2
- (no CPE)range: < 1.15.3-r22
- (no CPE)range: < 1.16.3-r2
- (no CPE)range: < 1.15.3-r22
- (no CPE)range: < 1.16.3-r2
- (no CPE)range: < 1.1-r30
- (no CPE)range: < 1.15.3-r22
- (no CPE)range: < 1.16.3-r2
- (no CPE)range: < 0_git20251212-r4
- (no CPE)range: < 5.7.1-r5
- (no CPE)range: < 0.15.1-r0
- (no CPE)range: < 0.15.1-r0
- (no CPE)range: < 0.13.35-r0
- (no CPE)range: < 1.20.0-r2
- (no CPE)range: < 1.4.0-r10
- (no CPE)range: < 1.5.0-r1
- (no CPE)range: < 1.5.0-r1
- (no CPE)range: < 1.5.0-r1
- (no CPE)range: < 0.7.31-r5
- (no CPE)range: < 0.7.31-r5
- (no CPE)range: < 0.7.31-r5
- (no CPE)range: < 0.7.31-r5
- (no CPE)range: < 0.7.31-r5
- (no CPE)range: < 2.17.1-r5
- (no CPE)range: < 1.21.0-r3
- (no CPE)range: < 2.7.1-r9
- (no CPE)range: < 1.14.1-r3
- (no CPE)range: < 0.26.0-r6
- (no CPE)range: < 1.0.0-r13
- (no CPE)range: < 1.3.2-r5
- (no CPE)range: < 1.4.0-r4
- (no CPE)range: < 1.5.0-r4
- (no CPE)range: < 1.6.0-r2
- (no CPE)range: < 1.7.0-r2
- (no CPE)range: < 17.7.23-r0
- (no CPE)range: < 18.7.5-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 18.7.2-r12
- (no CPE)range: < 18.7.2-r12
- (no CPE)range: < 18.7.2-r12
- (no CPE)range: < 18.7.2-r12
- (no CPE)range: < 0.60.0-r6
- (no CPE)range: < 2.0.4-r1
- (no CPE)range: < 2.0.4-r1
- (no CPE)range: < 0.43.0-r3
- (no CPE)range: < 0.69.0-r0
- (no CPE)range: < 0.29.0-r8
- (no CPE)range: < 0.11.0-r3
- (no CPE)range: < 0.4.1-r9
- (no CPE)range: < 0.10.2-r3
- (no CPE)range: < 0.10.8-r22
- (no CPE)range: < 0.70.1-r4
- (no CPE)range: < 2.1.14-r0
- (no CPE)range: < 1.10.4
- (no CPE)range: < 1.4.5-4.1
- (no CPE)range: < 3.0.5-150400.3.35.1
- (no CPE)range: < 3.0.5-160000.1.1
- (no CPE)range: < 3.0.5-1.1
- (no CPE)range: < 0.0.20260226T182644-150000.1.149.1
- (no CPE)range: < 0.4.1+git78.f951e3a-150000.1.11.1
- (no CPE)range: < 0.4.1+git78.f951e3a-1.1
- (no CPE)range: < 3.0.5-150400.3.35.1
- (no CPE)range: < 3.0.5-160000.1.1
- (no CPE)range: < 3.0.5-160000.1.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-fcv2-xgw5-pqxfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-24137ghsaADVISORY
- github.com/sigstore/sigstore/commit/8ec410a2993ea78083aecf0e473a85453039496envdWEB
- github.com/sigstore/sigstore/releases/tag/v1.10.4nvdWEB
- github.com/sigstore/sigstore/security/advisories/GHSA-fcv2-xgw5-pqxfnvdWEB
- pkg.go.dev/vuln/GO-2026-4358ghsaWEB
News mentions
0No linked articles in our index yet.