CVE-2026-48758info

Zusammenfassung

von MITRE • 15.07.2026

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.2.1, the preAuthEncoding function in @sigstore/core uses Node.js ascii encoding when converting the PAE string to bytes, allowing payloadType to be mutated after signing without invalidating the signature and breaking the type-binding guarantee that DSSE is designed to provide. This issue is fixed in version 3.2.1.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Veröffentlichung

15.07.2026

Moderieren

wird geprüft

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Do you need the next level of professionalism?

Upgrade your account now!