{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39395", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-06T22:06:40.516Z", "datePublished": "2026-04-07T20:06:28.798Z", "dateUpdated": "2026-04-08T15:49:16.587Z"}, "containers": {"cna": {"title": "Cosign's verify-blob-attestation reports false positive when payload parsing fails", "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "lang": "en", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/sigstore/cosign/security/advisories/GHSA-w6c6-c85g-mmv6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-w6c6-c85g-mmv6"}], "affected": [{"vendor": "sigstore", "product": "cosign", "versions": [{"version": ">= 3.0.0, < 3.0.6", "status": "affected"}, {"version": "< 2.6.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T20:06:28.798Z"}, "descriptions": [{"lang": "en", "value": "Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a \"Verified OK\" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures, this was due to a logic flaw in the error handling of the predicate type validation. For new-format bundles, the predicate type validation was bypassed completely. This vulnerability is fixed in 3.0.6 and 2.6.3."}], "source": {"advisory": "GHSA-w6c6-c85g-mmv6", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T15:49:08.895545Z", "id": "CVE-2026-39395", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T15:49:16.587Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-39395", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-08T15:49:08.895545Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T15:49:12.254Z"}}], "cna": {"title": "Cosign's verify-blob-attestation reports false positive when payload parsing fails", "source": {"advisory": "GHSA-w6c6-c85g-mmv6", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "sigstore", "product": "cosign", "versions": [{"status": "affected", "version": ">= 3.0.0, < 3.0.6"}, {"status": "affected", "version": "< 2.6.3"}]}], "references": [{"url": "https://github.com/sigstore/cosign/security/advisories/GHSA-w6c6-c85g-mmv6", "name": "https://github.com/sigstore/cosign/security/advisories/GHSA-w6c6-c85g-mmv6", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a \"Verified OK\" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures, this was due to a logic flaw in the error handling of the predicate type validation. For new-format bundles, the predicate type validation was bypassed completely. This vulnerability is fixed in 3.0.6 and 2.6.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T20:06:28.798Z"}}}, "cveMetadata": {"cveId": "CVE-2026-39395", "state": "PUBLISHED", "dateUpdated": "2026-04-08T15:49:16.587Z", "dateReserved": "2026-04-06T22:06:40.516Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-07T20:06:28.798Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a \"Verified OK\" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures, this was due to a logic flaw in the error handling of the predicate type validation. For new-format bundles, the predicate type validation was bypassed completely. This vulnerability is fixed in 3.0.6 and 2.6.3."}], "id": "CVE-2026-39395", "lastModified": "2026-04-08T21:27:00.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-07T20:16:33.140", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/sigstore/cosign/security/advisories/GHSA-w6c6-c85g-mmv6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "github.com/sigstore/cosign: Cosign: Incorrect attestation verification due to malformed payloads or mismatched predicate types", "id": "2456254", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456254"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-347", "details": ["A flaw was found in Cosign, a tool for code signing and transparency for containers and binaries. A remote attacker could exploit this vulnerability by providing malformed payloads or attestations with mismatched predicate types. This could lead to Cosign erroneously reporting a \"Verified OK\" result, even when the attestations are invalid. This issue compromises the integrity of the verification process, potentially allowing unverified software to be trusted."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-39395", "package_state": [{"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Fix deferred", "package_name": "openshift-pipelines-client", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/chains-controller-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/chains-controller-rhel9", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/cli-tkn-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/cli-tkn-rhel9", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/opc-rhel9", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/operator-operator-rhel9", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/pipelines-chains-controller-rhel9", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/pipelines-cli-tkn-rhel9", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/pipelines-opc-rhel9", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/pipelines-rhel9-operator", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/kn-plugin-event-sender", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Fix deferred", "package_name": "rhacs-eng/release-main", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Fix deferred", "package_name": "rhacs-eng/release-operator", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Fix deferred", "package_name": "rhacs-eng/release-roxctl", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Fix deferred", "package_name": "rhacs-eng/release-scanner-v4", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/cli-v06", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/cli-v07", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/cli-v08", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Fix deferred", "package_name": "securesign/cli-cosign", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Fix deferred", "package_name": "securesign/gitsign", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:trusted_artifact_signer:1", "fix_state": "Fix deferred", "package_name": "securesign/policy-controller", "product_name": "Red Hat Trusted Artifact Signer"}, {"cpe": "cpe:/a:redhat:openshift_security_profiles_operator:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/security-profiles-operator-bundle-release", "product_name": "Security Profiles Operator"}, {"cpe": "cpe:/a:redhat:openshift_security_profiles_operator:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/security-profiles-operator-release", "product_name": "Security Profiles Operator"}, {"cpe": "cpe:/a:redhat:zero_trust_workload_identity_manager:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/spiffe-spire-agent-1-13-3", "product_name": "Zero Trust Workload Identity Manager"}, {"cpe": "cpe:/a:redhat:zero_trust_workload_identity_manager:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/spiffe-spire-oidc-discovery-provider-1-13-3", "product_name": "Zero Trust Workload Identity Manager"}, {"cpe": "cpe:/a:redhat:zero_trust_workload_identity_manager:1", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/spiffe-spire-server-1-13-3", "product_name": "Zero Trust Workload Identity Manager"}, {"cpe": "cpe:/a:redhat:zero_trust_workload_identity_manager:0", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/spiffe-spire-agent-1-12-4", "product_name": "Zero Trust Workload Identity Manager - Tech Preview"}, {"cpe": "cpe:/a:redhat:zero_trust_workload_identity_manager:0", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/spiffe-spire-oidc-discovery-provider-1-12-4", "product_name": "Zero Trust Workload Identity Manager - Tech Preview"}, {"cpe": "cpe:/a:redhat:zero_trust_workload_identity_manager:0", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/spiffe-spire-server-1-12-4", "product_name": "Zero Trust Workload Identity Manager - Tech Preview"}, {"cpe": "cpe:/a:redhat:zero_trust_workload_identity_manager:0", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/zero-trust-workload-identity-manager-0-2", "product_name": "Zero Trust Workload Identity Manager - Tech Preview"}, {"cpe": "cpe:/a:redhat:zero_trust_workload_identity_manager:0", "fix_state": "Fix deferred", "package_name": "redhat-user-workloads/zero-trust-workload-identity-manager-bundle-0-2", "product_name": "Zero Trust Workload Identity Manager - Tech Preview"}], "public_date": "2026-04-07T20:06:28Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-39395\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-39395\nhttps://github.com/sigstore/cosign/security/advisories/GHSA-w6c6-c85g-mmv6"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.0.0,3.0.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.6.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "cosign", "source": "cna", "vendor": "sigstore"}, "product": "cosign", "vendor": "sigstore"}], "analysis": {"en": {"generated_at": "2026-04-08T13:24:00.319977+00:00", "value": {"mitigation_remediation": ["Verify the current cosign version and plan an upgrade to at least 3.0.6 or 2.6.3.", "If an upgrade is not feasible immediately, treat any \"Verified OK\" results from verify\u2011blob\u2011attestation as suspect and corroborate with additional checks such as cross\u2011referencing the payload against known good outputs.", "Monitor cosign release notes for any further fixes or best\u2011practice updates related to attestation handling."], "summary": {"action": "Assess Impact", "impact": "Verification deception via false positive in attestation parsing"}, "threat_synthesis": {"affected_systems": "The vulnerability affects sigstore cosign versions prior to 3.0.6 and 2.6.3. Any deployment using these releases and performing blob attestation verification is impacted.", "description_and_impact": "Cosign, a tool for signing and verifying container images and binaries, incorrectly reports a \"Verified OK\" result when the payload of an attestation is malformed or does not match the expected predicate type. The flaw lies in error handling for old\u2011format bundles and in bypassing validation for new\u2011format bundles, resulting in attestation bypass. An attacker can supply a crafted payload that the system accepts as valid, potentially allowing malicious binaries to be trusted as legitimate.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a moderate severity, but the EPSS score is not available, and the issue is not listed in the CISA KEV catalog. Attacker advantage is limited to creating the impression of a valid signature; exploitation requires that the victim run cosign verify\u2011blob\u2011attestation on attacker\u2011controlled data. The likelihood of exploitation remains uncertain, though the potential to mislead trust chains is significant when the environment relies solely on cosign for attestation validation."}}}}, "created": "2026-04-08T19:34:23.186155+00:00", "updated": "2026-04-08T19:45:52.074160+00:00", "vendors": ["sigstore", "sigstore$PRODUCT$cosign"]}