Description
Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures, this was due to a logic flaw in the error handling of the predicate type validation. For new-format bundles, the predicate type validation was bypassed completely. This vulnerability is fixed in 3.0.6 and 2.6.3.
Published: 2026-04-07
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Verification deception via false positive in attestation parsing
Action: Assess Impact
AI Analysis

Impact

Cosign, a tool for signing and verifying container images and binaries, incorrectly reports a "Verified OK" result when the payload of an attestation is malformed or does not match the expected predicate type. The flaw lies in error handling for old‑format bundles and in bypassing validation for new‑format bundles, resulting in attestation bypass. An attacker can supply a crafted payload that the system accepts as valid, potentially allowing malicious binaries to be trusted as legitimate.

Affected Systems

The vulnerability affects sigstore cosign versions prior to 3.0.6 and 2.6.3. Any deployment using these releases and performing blob attestation verification is impacted.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate severity, but the EPSS score is not available, and the issue is not listed in the CISA KEV catalog. Attacker advantage is limited to creating the impression of a valid signature; exploitation requires that the victim run cosign verify‑blob‑attestation on attacker‑controlled data. The likelihood of exploitation remains uncertain, though the potential to mislead trust chains is significant when the environment relies solely on cosign for attestation validation.

Generated by OpenCVE AI on April 8, 2026 at 13:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the current cosign version and plan an upgrade to at least 3.0.6 or 2.6.3.
  • If an upgrade is not feasible immediately, treat any "Verified OK" results from verify‑blob‑attestation as suspect and corroborate with additional checks such as cross‑referencing the payload against known good outputs.
  • Monitor cosign release notes for any further fixes or best‑practice updates related to attestation handling.

Generated by OpenCVE AI on April 8, 2026 at 13:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-w6c6-c85g-mmv6 Cosign's verify-blob-attestation reports false positive when payload parsing fails
History

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:sigstore:cosign:*:*:*:*:*:*:*:*

Wed, 08 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Sigstore
Sigstore cosign
Vendors & Products Sigstore
Sigstore cosign

Wed, 08 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-347
References
Metrics threat_severity

None

 threat_severity

Moderate

Tue, 07 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Description Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures, this was due to a logic flaw in the error handling of the predicate type validation. For new-format bundles, the predicate type validation was bypassed completely. This vulnerability is fixed in 3.0.6 and 2.6.3.
Title Cosign's verify-blob-attestation reports false positive when payload parsing fails
Weaknesses CWE-754
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Subscriptions

Sigstore Cosign
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-08T15:49:16.587Z

Reserved: 2026-04-06T22:06:40.516Z

Link: CVE-2026-39395

cve-icon Vulnrichment

Updated: 2026-04-08T15:49:12.254Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-07T20:16:33.140

Modified: 2026-04-15T15:57:49.283

Link: CVE-2026-39395

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-07T20:06:28Z

Links: CVE-2026-39395 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:45:52Z

Weaknesses