CVE-2026-22703 in cosign
Summary
by MITRE • 01/10/2026
Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor entry, Cosign verifies the Rekor entry signature, and also compares the artifact's digest, the user's public key from either a Fulcio certificate or provided by the user, and the artifact signature to the Rekor entry contents. Without these comparisons, Cosign would accept any response from Rekor as valid. A malicious actor that has compromised a user's identity or signing key could construct a valid Cosign bundle by including any arbitrary Rekor entry, thus preventing the user from being able to audit the signing event. This issue has been patched in versions 2.6.2 and 3.0.4.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 02/06/2026
The vulnerability identified as CVE-2026-22703 represents a critical weakness in the Cosign code signing system that undermines the integrity of artifact verification processes. Cosign serves as a foundational tool for container and binary code signing, providing transparency through integration with Rekor log systems. The flaw exists in versions prior to 2.6.2 and 3.0.4 where the verification mechanism fails to properly validate the correlation between artifact metadata and Rekor entry contents. This represents a significant deviation from established security practices where proper cryptographic verification requires explicit matching of digest values, public keys, and signatures between all components of the signing chain.
The technical implementation flaw stems from insufficient validation logic within Cosign's bundle verification process. When processing Rekor entries, the system correctly validates the Rekor entry signature but neglects to perform essential cross-referencing operations that should confirm the artifact's digest matches the Rekor entry's claimed digest, the user's public key aligns with the entry's key reference, and the signature corresponds to the artifact's content. This omission creates a verification bypass where malicious actors can construct fraudulent Cosign bundles containing arbitrary Rekor entries that appear valid to the system. The vulnerability directly maps to CWE-284 Access Control Bypass and CWE-347 Improper Verification of Cryptographic Signature, both of which are classified as high-risk issues in the Common Weakness Enumeration catalog.
The operational impact of this vulnerability extends beyond simple verification failures and creates a serious threat to software supply chain integrity. An attacker who compromises a user's signing identity or key can exploit this weakness to generate convincing but fraudulent bundles that will pass Cosign verification. This capability undermines the fundamental purpose of code signing and transparency systems, allowing malicious artifacts to appear legitimate within security workflows. The vulnerability particularly affects organizations relying on Cosign for container image verification and binary signing, as it enables attackers to bypass security controls designed to prevent unauthorized modifications. According to ATT&CK framework technique T1553.006 Credential Access: Steal or Forge Kerberos Tickets, this vulnerability enables similar attack patterns where adversaries establish false trust relationships through forged cryptographic evidence.
The security implications of CVE-2026-22703 are particularly concerning given the widespread adoption of Cosign in container security workflows and software supply chain protection. Organizations using older versions of Cosign are vulnerable to attacks where malicious actors can construct bundles that appear to have been properly signed by legitimate users, making detection extremely difficult. The patched versions 2.6.2 and 3.0.4 implement proper validation checks that ensure Rekor entries contain matching digest, key, and signature information before accepting them as valid. This fix addresses the core issue by enforcing cryptographic consistency checks that prevent the acceptance of Rekor entries that do not properly reference the artifact being verified. Security teams should immediately upgrade to these patched versions and conduct thorough audits of their existing Cosign bundles to identify any potentially compromised artifacts. The vulnerability demonstrates the critical importance of proper cryptographic verification in supply chain security systems and highlights the need for comprehensive testing of verification logic in security tools.