CVE-2026-44309

MEDIUM 5.3

gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git object bytes. For malformed objects with duplicate tree headers, git-core and go-git parse different trees: git-core uses the first, go-git uses the second. A signature crafted over the go-git-normalized form (second tree) passes gitsign verify while git-core resolves the commit to a completely different tree. This breaks the invariant that a verified signature, the commit semantics git-core presents to users, and the object hash logged in Rekor all refer to the same content. This vulnerability is fixed in 0.16.0.

CWE	CWE-347 CWE-295
Vendor	sigstore
Product	gitsign
Published	May 15, 2026

Stay Ahead of the Next One

Get instant alerts for sigstore gitsign

Be the first to know when new medium vulnerabilities affecting sigstore gitsign are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected Versions

sigstore / gitsign

< 0.16.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/sigstore/gitsign/security/advisories/GHSA-7rmh-48mx-2vwc