CVE-2026-22772 Overview
CVE-2026-22772 is a Server-Side Request Forgery (SSRF) vulnerability affecting Fulcio, a certificate authority component of the Sigstore project used for issuing code signing certificates based on OpenID Connect (OIDC) identities. The vulnerability exists in Fulcio's metaRegex() function, which uses an unanchored regular expression for validating MetaIssuer URLs. This implementation flaw allows attackers to bypass URL validation controls and trigger SSRF requests to arbitrary internal services.
While the impact is somewhat limited—only GET requests can be initiated, no state mutation is possible, and response data cannot be exfiltrated—the vulnerability enables blind SSRF attacks that could be used for internal network reconnaissance and service probing.
Critical Impact
Attackers can bypass MetaIssuer URL validation in Fulcio to perform blind SSRF attacks against internal network services, potentially enabling reconnaissance of internal infrastructure.
Affected Products
- Fulcio versions prior to 1.8.5
- Sigstore deployments using vulnerable Fulcio certificate authority
- Code signing infrastructure relying on affected Fulcio instances
Discovery Timeline
- 2026-01-12 - CVE-2026-22772 published to NVD
- 2026-01-13 - Last updated in NVD database
Technical Details for CVE-2026-22772
Vulnerability Analysis
This vulnerability falls under CWE-918 (Server-Side Request Forgery), where user-controlled input can manipulate server-side HTTP requests to unintended destinations. The root cause lies in improper input validation within the metaRegex() function, which is responsible for validating MetaIssuer URLs in the OIDC authentication flow.
The vulnerability allows attackers to craft malicious URLs that pass the regex validation while redirecting requests to internal services. Since Fulcio operates as a certificate authority in the software supply chain, this SSRF capability could be leveraged to probe internal network topology, identify running services, and potentially interact with metadata endpoints or other internal APIs.
The attack is constrained to blind SSRF—the attacker cannot observe the response content, limiting data exfiltration. Additionally, only HTTP GET requests can be triggered, preventing state-modifying operations. Despite these limitations, blind SSRF remains a significant security concern for identifying internal services and potentially chaining with other vulnerabilities.
Root Cause
The vulnerability stems from the use of an unanchored regular expression in the metaRegex() function. Without proper anchoring (using ^ for start and $ for end of string), the regex pattern matches partial strings rather than validating the entire input. This allows malicious payloads to be prepended or appended to legitimate URL patterns, effectively bypassing the intended validation logic.
Proper regex anchoring ensures that the entire input string must conform to the expected pattern, preventing partial matches that could contain malicious components.
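The anchoring bug class described above, shown with a wildcard-to-regex helper written for this write-up (an illustration, not Fulcio's actual metaRegex() code; the pattern syntax and the "[-_.a-zA-Z0-9]+" expansion are assumptions). The same allow-list pattern is compiled once unanchored and once anchored, and the two are run over a legitimate issuer URL plus inputs with the pattern embedded or followed by extra characters.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// wildcardToRegex turns an allow-list pattern such as
// "https://oidc.example.com/*" into a regexp, expanding "*" to one or more
// hostname/path characters. This helper is an illustration of the bug
// class, not Fulcio's actual metaRegex() implementation.
func wildcardToRegex(pattern string, anchored bool) (*regexp.Regexp, error) {
	parts := strings.Split(pattern, "*")
	for i, p := range parts {
		parts[i] = regexp.QuoteMeta(p) // escape dots and other metacharacters
	}
	expr := strings.Join(parts, `[-_.a-zA-Z0-9]+`)
	if anchored {
		expr = "^" + expr + "$" // the whole input must match, not just a substring
	}
	return regexp.Compile(expr)
}

// IssuerAllowed reports whether issuerURL satisfies the allow-list pattern.
func IssuerAllowed(pattern, issuerURL string, anchored bool) (bool, error) {
	re, err := wildcardToRegex(pattern, anchored)
	if err != nil {
		return false, err
	}
	return re.MatchString(issuerURL), nil
}

func main() {
	pattern := "https://oidc.example.com/*"
	inputs := []string{
		"https://oidc.example.com/tenant1",                    // legitimate issuer
		"https://other.example/?u=https://oidc.example.com/x", // pattern embedded inside another URL
		"https://oidc.example.com/tenant1?x=1",                // legitimate prefix plus trailing query
	}
	for _, in := range inputs {
		loose, _ := IssuerAllowed(pattern, in, false)
		strict, _ := IssuerAllowed(pattern, in, true)
		fmt.Printf("%-55s unanchored=%-5v anchored=%v\n", in, loose, strict)
	}
}
```

Only the first input passes the anchored check; the unanchored one accepts all three because it only needs the pattern to occur somewhere in the string.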
Attack Vector
The attack is network-based and requires no authentication or user interaction. An attacker can exploit this vulnerability by submitting specially crafted MetaIssuer URLs to the Fulcio service during certificate issuance requests.
The attack flow involves:
- Crafting a URL that passes the unanchored regex check while pointing at an internal target
- Submitting that URL as the MetaIssuer through the OIDC authentication flow
- Fulcio's backend making a GET request to the attacker-specified internal target
- The attacker inferring information about internal services from timing, error responses, or other observable behavior
For detailed technical information on the vulnerability and its exploitation, refer to the GitHub Security Advisory GHSA-59jp-pj84-45mr.
Detection Methods for CVE-2026-22772
Indicators of Compromise
- Unusual outbound connection attempts from Fulcio servers to internal network addresses
- HTTP GET requests from Fulcio to non-standard OIDC provider endpoints
- Certificate signing requests with malformed or suspicious MetaIssuer URLs
- Increased network reconnaissance activity originating from certificate authority infrastructure
Detection Strategies
- Implement network monitoring to detect Fulcio services connecting to internal IP ranges or unexpected destinations
- Deploy web application firewall (WAF) rules to inspect MetaIssuer URL parameters for SSRF payloads
- Enable detailed logging on Fulcio instances to capture all MetaIssuer URL validation attempts
- Utilize SentinelOne's behavioral AI to detect anomalous network connection patterns from code signing infrastructure
Monitoring Recommendations
- Monitor DNS queries from Fulcio servers for internal hostnames or unusual resolution patterns
- Implement egress filtering and alerting for Fulcio instances attempting to reach internal services
- Review Fulcio access logs for certificate requests containing suspicious URL patterns
- Set up network segmentation alerts for unauthorized cross-segment traffic from certificate authority systems
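A review heuristic for MetaIssuer URLs pulled from Fulcio request logs, added here as an example (not SentinelOne's or the Fulcio project's code): it flags literal loopback, private or link-local IP hosts, non-HTTPS schemes, and a second "://" inside the URL, which is the prepend/append shape an unanchored regex lets through. The sample URLs are constructed; the log-extraction step is omitted because the page does not state Fulcio's log format.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Constructed sample MetaIssuer URLs as they might be pulled from Fulcio
// request logs; none of these are real indicators from the advisory.
var sampleIssuers = []string{
	"https://oidc.example.com/tenant1",
	"http://169.254.169.254/latest/meta-data/",
	"https://10.0.0.5:8080/.well-known/openid-configuration",
	"https://other.example/?u=https://oidc.example.com/x",
}

// Suspicious returns why a MetaIssuer URL deserves review, or "" if it looks
// ordinary. It flags a literal loopback/private/link-local IP host, a
// non-HTTPS scheme, and a second "://" inside the URL (the prepend/append
// shape that an unanchored validation regex lets through).
func Suspicious(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		return "unparseable URL"
	}
	if ip := net.ParseIP(u.Hostname()); ip != nil &&
		(ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast()) {
		return "internal IP host"
	}
	if u.Scheme != "https" {
		return "non-https scheme"
	}
	if strings.Count(raw, "://") > 1 {
		return "nested URL"
	}
	return ""
}

func main() {
	for _, raw := range sampleIssuers {
		if why := Suspicious(raw); why != "" {
			fmt.Printf("REVIEW %-60s %s\n", raw, why)
		}
	}
}
```

A hostname that resolves to an internal address is not caught by this check; pair it with the DNS and egress monitoring listed above.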
How to Mitigate CVE-2026-22772
Immediate Actions Required
- Upgrade Fulcio to version 1.8.5 or later immediately
- Audit existing Fulcio deployments for signs of exploitation
- Implement network segmentation to limit Fulcio's access to internal services
- Deploy egress filtering to restrict outbound connections from certificate authority infrastructure
Patch Information
The vulnerability is fixed in Fulcio version 1.8.5. The patch properly anchors the regular expression in the metaRegex() function to ensure complete URL validation. Organizations should update their Fulcio installations to the patched version as soon as possible.
Review the commit changes on GitHub for technical details on the fix implementation.
Workarounds
- Implement strict network egress controls to prevent Fulcio from connecting to internal services
- Deploy a reverse proxy with URL validation in front of Fulcio to filter suspicious MetaIssuer URLs
- Use network segmentation to isolate Fulcio from sensitive internal infrastructure
- Monitor and alert on any outbound connections from Fulcio to non-whitelisted OIDC provider endpoints
# Example network egress restriction using iptables, applied on the host where
# Fulcio runs as the local user "fulcio" (-m owner matches locally generated packets only)
# Drop outbound connections from that user to the RFC 1918 private ranges and to the
# link-local range where cloud metadata services live; approved OIDC providers on
# public addresses remain reachable
iptables -A OUTPUT -m owner --uid-owner fulcio -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -m owner --uid-owner fulcio -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -m owner --uid-owner fulcio -d 192.168.0.0/16 -j DROP
iptables -A OUTPUT -m owner --uid-owner fulcio -d 169.254.0.0/16 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

