Platform: go
Component: github.com/sigstore/cosign
Fixed in: 3.0.1, 2.6.4, 3.0.6
CVE-2026-39395 describes a vulnerability in the cosign verify-blob-attestation command, which may report an attestation as "Verified OK" even when its payload is malformed or its predicate type does not match the expected one. This gives a false sense of security and could let an attacker distribute compromised software under the appearance of a verified attestation. The vulnerability affects versions of github.com/sigstore/cosign prior to 3.0.6; a patch is available in version 3.0.6.
CVE-2026-39395 in cosign verify-blob-attestation allows for the erroneous reporting of a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures, this was due to a logic flaw in the error handling of the predicate type validation. For new-format bundles, the predicate type validation was bypassed completely. This could allow an attacker to create a malicious attestation that passes verification, compromising trust in the verified blob's integrity. The severity of the impact depends on the level of trust placed in the attestation verification process.
An attacker could craft a malicious attestation with an incorrect payload or an invalid predicate type. If cosign verify-blob-attestation is run without --check-claims=true, the tool might falsely report the attestation as valid, allowing the attacker to distribute compromised software with the appearance of being verified. The likelihood of exploitation is high if users blindly trust the output of cosign without verifying the configuration and versions.
EPSS: 0.03% (9th percentile)
The primary mitigation is to upgrade to cosign version 3.0.6 or later, which corrects the vulnerability by validating the predicate type for both old- and new-format bundles. It is also strongly recommended to pass --check-claims=true when running cosign verify-blob-attestation, so that the claims inside the attestation are checked explicitly and a malicious attestation is far less likely to be accepted. Monitoring cosign output and logs for unexpected verification results can also help identify attempted abuse.
Update cosign to version 3.0.6 or later so that predicate type validation is neither skipped nor handled incorrectly; otherwise blobs with malformed attestation payloads or mismatched predicate types may be falsely reported as verified.
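As an added example (not cosign's own code), the claim checks that a blob-attestation verifier must enforce after the signature check, modelled in stdlib-only Go over an in-toto statement: the payload must parse, its predicateType must equal the type the caller asked for, and one subject digest must match the blob. Field names follow the in-toto statement format; the statement and blob are constructed samples.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Statement is the in-toto statement carried as the DSSE payload.
type Statement struct {
	PredicateType string `json:"predicateType"`
	Subject       []struct {
		Digest map[string]string `json:"digest"`
	} `json:"subject"`
}

// CheckClaims runs the checks that must follow the signature check: the payload
// parses, predicateType matches what the caller expects, a subject digest matches
// the blob. Every failure is a hard error, never a silent "Verified OK".
func CheckClaims(payload, blob []byte, wantType string) error {
	var st Statement
	if err := json.Unmarshal(payload, &st); err != nil {
		return fmt.Errorf("malformed attestation payload: %w", err)
	}
	if st.PredicateType != wantType { // also catches a missing predicateType
		return fmt.Errorf("predicate type mismatch: got %q, want %q", st.PredicateType, wantType)
	}
	want := fmt.Sprintf("%x", sha256.Sum256(blob))
	for _, s := range st.Subject {
		if s.Digest["sha256"] == want {
			return nil // the signed statement really is about this blob
		}
	}
	return errors.New("no subject digest matches the blob")
}

// SampleStatement builds a constructed statement over blob (not a real attestation).
func SampleStatement(blob []byte, predicateType string) []byte {
	sum := sha256.Sum256(blob)
	return []byte(fmt.Sprintf(`{"_type":"https://in-toto.io/Statement/v1","predicateType":%q,"subject":[{"name":"blob","digest":{"sha256":"%x"}}],"predicate":{}}`, predicateType, sum))
}

func main() {
	blob := []byte("hello world\n") // constructed sample blob
	slsa := "https://slsa.dev/provenance/v1"
	fmt.Println(CheckClaims(SampleStatement(blob, slsa), blob, slsa))
	fmt.Println(CheckClaims(SampleStatement(blob, "https://example.com/other/v1"), blob, slsa))
	fmt.Println(CheckClaims([]byte(`{not json`), blob, slsa))
}
```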
A blob attestation is a signed statement verifying the integrity and authenticity of a file (blob). It's used to ensure the file hasn't been altered since it was signed.
Predicate type validation ensures the attestation corresponds to the type of blob being verified. Without this validation, an attestation for one file type could be used to verify another, potentially enabling attacks.
The --check-claims=true option forces cosign to verify the claims within the attestation, providing an additional layer of security.
Upgrade to version 3.0.6 or higher as soon as possible. In the meantime, use the --check-claims=true option to mitigate the risk.
There are other signature and attestation verification tools, but cosign is a popular and widely used option in the Kubernetes ecosystem.