VYPR
High severity · NVD Advisory · Published Mar 10, 2026 · Updated Mar 11, 2026

sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

CVE-2026-31830

Description

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifier#verify does not propagate the VerificationFailure returned by verify_in_toto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardless of whether the artifact matches the attested subject. This vulnerability is fixed in 0.2.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

sigstore-ruby before 0.2.3 discards the digest mismatch result from in-toto verification, allowing DSSE bundles to validate against any artifact.

Vulnerability

Description

In sigstore-ruby versions prior to 0.2.3, the Sigstore::Verifier#verify method calls verify_in_toto but does not capture or propagate its return value [1][3]. When the artifact digest does not match the digest in the in-toto attestation subject, verify_in_toto returns a VerificationFailure object. Because the caller ignores this return value, execution unconditionally falls through to return VerificationSuccess [3]. This is the only verification sub-check among twelve that fails to propagate a failure [3].
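The following is an added illustration of the bug class the description above names: a verifier whose sub-check returns a failure object, and a caller that does not capture it. It is constructed for this page and is not sigstore-ruby's code; the class names (ToyVerifier, VerificationSuccess, VerificationFailure), method names and the in-toto statement are assumptions. It shows the vulnerable shape and the corrected shape side by side.

```ruby
require "digest"

# Constructed result types standing in for the verifier's success/failure objects.
VerificationSuccess = Struct.new(:reason)
VerificationFailure = Struct.new(:reason)

# Hypothetical verifier (not sigstore-ruby's Sigstore::Verifier) holding the
# in-toto statement carried by a DSSE payload. Only the subject-digest check
# is modelled; the signature, certificate and log checks are out of scope.
class ToyVerifier
  def initialize(statement)
    @statement = statement
  end

  # The sub-check that binds the artifact to the attestation: compare the
  # artifact's sha256 with the digest recorded in the statement's subject.
  def verify_in_toto(artifact_bytes)
    actual = Digest::SHA256.hexdigest(artifact_bytes)
    expected = @statement.dig("subject", 0, "digest", "sha256")
    unless actual == expected
      return VerificationFailure.new("subject digest mismatch: expected #{expected}, got #{actual}")
    end
    VerificationSuccess.new("subject digest matches")
  end

  # Vulnerable shape: the return value of verify_in_toto is discarded, so
  # control falls through to success whether or not the subject matched.
  def verify_vulnerable(artifact_bytes)
    verify_in_toto(artifact_bytes)
    VerificationSuccess.new("all checks passed")
  end

  # Fixed shape: capture the sub-check result and propagate a failure.
  def verify_fixed(artifact_bytes)
    result = verify_in_toto(artifact_bytes)
    return result if result.is_a?(VerificationFailure)
    VerificationSuccess.new("all checks passed")
  end
end

# Constructed sample artifacts: A is the attested one, B is a different file.
ARTIFACT_A = "release-1.0.0.tar.gz contents (constructed sample)"
ARTIFACT_B = "some other file contents (constructed sample)"

# Constructed in-toto statement whose single subject is artifact A.
STATEMENT = {
  "_type" => "https://in-toto.io/Statement/v1",
  "subject" => [
    { "name" => "release-1.0.0.tar.gz",
      "digest" => { "sha256" => Digest::SHA256.hexdigest(ARTIFACT_A) } }
  ],
  "predicateType" => "https://slsa.dev/provenance/v1",
  "predicate" => {}
}

# Returns the result class each code path yields for the attested artifact (A)
# and for a non-matching artifact (B).
def verification_outcomes
  verifier = ToyVerifier.new(STATEMENT)
  {
    vulnerable_a: verifier.verify_vulnerable(ARTIFACT_A).class,
    vulnerable_b: verifier.verify_vulnerable(ARTIFACT_B).class,
    fixed_a: verifier.verify_fixed(ARTIFACT_A).class,
    fixed_b: verifier.verify_fixed(ARTIFACT_B).class
  }
end

if __FILE__ == $PROGRAM_NAME
  verification_outcomes.each { |path, klass| puts "#{path}: #{klass}" }
end
```

Running it shows the vulnerable path returning VerificationSuccess for both artifacts, while the fixed path returns VerificationFailure for artifact B. When reviewing a verifier of this shape, the audit question is the one the advisory's count of sub-checks implies: does every sub-check's result reach the final decision, or is any of them called purely for its side effects?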

Exploitation

Scenario

An attacker who possesses a valid signed DSSE bundle containing an in-toto attestation for artifact A can present it as a valid attestation for a different artifact B [3]. All other verification checks—DSSE envelope signature, certificate chain, Rekor inclusion, SCTs, and policy—are independent of the artifact content and pass successfully [3]. Only the in-toto subject digest check detects the mismatch, but its result is discarded, so the bundle is accepted.

Impact

This vulnerability allows an attacker to bypass the artifact-to-attestation binding for any consumer that relies on Sigstore::Verifier#verify to validate DSSE/in-toto bundles [3]. The message_signature code path is not affected [3].

Mitigation

The issue is fixed in sigstore-ruby version 0.2.3 [1][2]. No workaround exists; consumers must upgrade to the patched version [3].

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package              Affected versions    Patched versions
sigstore (RubyGems)  < 0.2.3              0.2.3

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 4

News mentions: 0

No linked articles in our index yet.