CVE-2026-22703 | sigstore cosign up to 2.6.1/3.0.3 data authenticity (GHSA-whqx-f9j3-ch6m)

A vulnerability categorized as problematic has been discovered in sigstore cosign up to 2.6.1/3.0.3. Affected by this issue is some unknown functionality. Such manipulation leads to insufficient verification of data authenticity.

This vulnerability is listed as CVE-2026-22703. The attack must be carried out locally. There is no available exploit.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More