Blind Trust: The Cosign Bundle Swap (CVE-2026-22703)
Jan 13, 2026
Executive Summary (TL;DR)
Cosign's bundle verification had a logic flaw: once the Rekor transparency log entry inside a bundle checked out, a premature return skipped the remaining checks, including the one that ties that log entry to the signature and artifact actually being verified. An attacker holding any valid signing key could sign a malicious artifact, take a genuine log entry from a high-trust project (Kubernetes, for example), and staple the two together into one bundle. Cosign saw a valid log entry, reported success, and never noticed that the entry described a different signature. Fixed in 2.6.2 and 3.0.4.
A logic flaw in Sigstore Cosign's bundle verification allowed attackers to decouple transparency log entries from the artifacts they attest to. Because of a premature return in the verification path, an attacker with a valid signing key could attach a stolen but genuine Rekor log entry from a high-trust project to their own malicious artifact, passing verification while bypassing the transparency audit that the log entry is meant to provide.
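To make the failure concrete, the following is an added example, not cosign's code and not from this advisory: a deliberately simplified model in Go of a bundle verifier, with the premature return beside the corrected check. Assumptions: the transparency log is modelled as a single ECDSA key signing a canonical entry body (real Rekor entries carry an inclusion proof and a signed entry timestamp instead), and the types, function names and sample artifacts are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// LogEntry is a toy stand-in for a Rekor entry (assumption: the log is one
// ECDSA key signing a canonical body rather than a Merkle-tree inclusion proof).
type LogEntry struct {
	Body         []byte // canonical record of what was logged
	LogSignature []byte // log key's signature over sha256(Body)
}

// Bundle is a simplified cosign-style bundle: artifact digest, signature,
// signer public key, and the log entry stapled alongside.
type Bundle struct {
	ArtifactDigest [32]byte
	Signature      []byte
	SignerKey      *ecdsa.PublicKey
	Entry          LogEntry
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func signDigest(priv *ecdsa.PrivateKey, digest []byte) []byte {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest)
	if err != nil {
		panic(err)
	}
	return sig
}

// entryBody binds digest, signature and signer key into one canonical string;
// this is the binding the fixed verifier re-derives and compares against.
func entryBody(digest [32]byte, sig []byte, key *ecdsa.PublicKey) []byte {
	pub := append(key.X.Bytes(), key.Y.Bytes()...)
	return []byte("digest:" + hex.EncodeToString(digest[:]) +
		"\nsig:" + hex.EncodeToString(sig) +
		"\nkey:" + hex.EncodeToString(pub) + "\n")
}

// logEntryFor plays the role of Rekor: record the body and sign its hash.
func logEntryFor(logKey *ecdsa.PrivateKey, digest [32]byte, sig []byte, key *ecdsa.PublicKey) LogEntry {
	body := entryBody(digest, sig, key)
	h := sha256.Sum256(body)
	return LogEntry{Body: body, LogSignature: signDigest(logKey, h[:])}
}

// entryIsAuthentic checks only that the log key signed this entry; it says
// nothing about whether the entry belongs to the bundle it arrived in.
func entryIsAuthentic(logKey *ecdsa.PublicKey, e LogEntry) bool {
	h := sha256.Sum256(e.Body)
	return ecdsa.VerifyASN1(logKey, h[:], e.LogSignature)
}

// VerifyVulnerable models the flawed path: signature and log entry are each
// checked on their own, and a valid entry triggers an early return before the
// entry is ever compared against the signature being verified.
func VerifyVulnerable(logKey *ecdsa.PublicKey, b Bundle) bool {
	if !ecdsa.VerifyASN1(b.SignerKey, b.ArtifactDigest[:], b.Signature) {
		return false
	}
	if entryIsAuthentic(logKey, b.Entry) {
		return true // premature return: entry/bundle binding never checked
	}
	return false
}

// VerifyFixed keeps the same checks and adds the missing one: the log entry
// must be the entry for this exact digest, signature and signer key.
func VerifyFixed(logKey *ecdsa.PublicKey, b Bundle) bool {
	if !ecdsa.VerifyASN1(b.SignerKey, b.ArtifactDigest[:], b.Signature) {
		return false
	}
	if !entryIsAuthentic(logKey, b.Entry) {
		return false
	}
	want := entryBody(b.ArtifactDigest, b.Signature, b.SignerKey)
	return bytes.Equal(want, b.Entry.Body)
}

// Scenario runs the swap with constructed keys and sample artifacts. It returns
// whether the legitimate bundle verifies under the fix, and whether the swapped
// bundle is accepted by the vulnerable and by the fixed verifier.
func Scenario() (legitFixed, swappedVulnerable, swappedFixed bool) {
	logKey, publisher, attacker := newKey(), newKey(), newKey()

	// Legitimate publisher signs its artifact and logs that signature.
	goodDigest := sha256.Sum256([]byte("constructed sample: trusted-project release"))
	goodSig := signDigest(publisher, goodDigest[:])
	good := Bundle{goodDigest, goodSig, &publisher.PublicKey,
		logEntryFor(logKey, goodDigest, goodSig, &publisher.PublicKey)}

	// Attacker signs malware with their own key and staples on the
	// publisher's genuine log entry instead of logging their own signature.
	badDigest := sha256.Sum256([]byte("constructed sample: malicious artifact"))
	badSig := signDigest(attacker, badDigest[:])
	swapped := Bundle{badDigest, badSig, &attacker.PublicKey, good.Entry}

	pub := &logKey.PublicKey
	return VerifyFixed(pub, good), VerifyVulnerable(pub, swapped), VerifyFixed(pub, swapped)
}

func main() {
	a, b, c := Scenario()
	fmt.Printf("legit/fixed=%v swapped/vulnerable=%v swapped/fixed=%v\n", a, b, c)
}
```

The check that matters is the last two lines of VerifyFixed: re-derive what the log entry body must say for this digest, signature and signer key, then compare it byte for byte with the entry in the bundle. A verifier that stops at "the entry is authentic" is still swappable, because authenticity of the entry and its relevance to the artifact in hand are two separate properties.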
Technical Appendix
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Systems
Affected Versions Detail
| Product | Affected Versions | Fixed Version |
|---|---|---|
| cosign (Sigstore) | 2.x before 2.6.2 | 2.6.2 |
| cosign (Sigstore) | 3.x before 3.0.4 | 3.0.4 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-345 |
| Attack Vector | Local (CVSS AV:L; the victim verifies an attacker-crafted bundle) |
| CVSS Score | 5.5 (Medium) |
| Impact | Integrity Verification Bypass |
| Exploit Status | Proof of Concept (Theoretical) |
| EPSS Score | 0.00004 |
Weakness: CWE-345 (Insufficient Verification of Data Authenticity)
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. Here the unverified data is the Rekor entry's binding to the bundle: cosign confirmed that the entry was authentic without confirming that it was the entry for the signature being checked.