CVE-2026-24137 Overview
CVE-2026-24137 is a path traversal vulnerability in sigstore/sigstore, the common Go library shared across Sigstore services and clients. The flaw is in the legacy TUF (The Update Framework) client (pkg/tuf/client.go), which can cache downloaded target files to disk. The client builds the destination path by joining the cache base directory with a target name taken from signed targets metadata, without checking that the resulting path stays inside the cache directory. A malicious TUF repository can therefore make the client overwrite arbitrary files, limited only by the permissions of the calling process.
Critical Impact
A malicious or compromised TUF repository that a client trusts can use this vulnerability to overwrite any file the client process can write on systems running affected versions of sigstore/sigstore, compromising system integrity or enabling further attacks by tampering with configuration files, scripts or scheduled tasks.
Affected Products
- sigstore/sigstore versions 1.10.3 and earlier
- Applications that use the legacy TUF client (pkg/tuf) from sigstore/sigstore directly
- Older versions of Cosign that depend on vulnerable sigstore/sigstore versions
Discovery Timeline
- 2026-01-23 - CVE CVE-2026-24137 published to NVD
- 2026-01-26 - Last updated in NVD database
Technical Details for CVE-2026-24137
Vulnerability Analysis
This path traversal vulnerability (CWE-22) arises from missing validation in the legacy TUF client's file caching mechanism. When the client downloads and caches a target file, it builds the destination path by joining the base cache directory with the target name carried in the TUF targets metadata. Nothing checks that name, so a target name containing ../ segments (or otherwise resolving outside the base) escapes the cache directory.
The attack requires the attacker to control, or to have compromised, a TUF repository that the victim's sigstore client trusts, which makes it high in complexity. Users of the public Sigstore deployment are unaffected: its TUF metadata is signed by a threshold of independent keyholders, so no single party can introduce a malicious target name. Organizations running private TUF repositories, or using older Cosign versions against repositories they do not fully trust, are at risk.
Root Cause
The root cause is missing path containment in pkg/tuf/client.go when the target file name from TUF metadata is turned into a cache path. The code performs a plain path join of the cache base directory and the target name and never verifies that the final destination lies within the cache directory. Note that Go's filepath.Join cleans its result, resolving ../ components lexically, but cleaning is not confinement: a name with enough ../ components simply cleans to a path above the cache directory, and the client writes there.
Attack Vector
The attack is network-based and requires the attacker either to compromise an existing TUF repository that victims trust or to convince victims to point their sigstore client at a malicious one. Once the victim's client fetches metadata from that repository, a crafted target name containing traversal sequences (e.g., ../../etc/cron.d/malicious, with as many ../ components as are needed to climb out of the cache directory) causes the client to write the downloaded target outside the cache. The attacker can overwrite configuration files, scripts, or other sensitive files to achieve code execution or privilege escalation, bounded by the permissions of the process running the TUF client.
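To make the root cause and the attack vector concrete, here is an added Go example, not code from sigstore/sigstore or from the original page: the join-only pattern the advisory describes, beside a hardened version that checks containment after the join. The cache directory, the target names and the error value are constructed for illustration; the hardened function is one correct way to do the check, not the project's actual patch.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTargetEscapesCache is returned when a target name would resolve outside
// the cache directory. (Constructed for this example.)
var ErrTargetEscapesCache = errors.New("tuf: target name escapes cache directory")

// unsafeCachePath reproduces the flawed pattern the advisory describes: the
// target name taken from signed TUF metadata is joined onto the cache base
// with no containment check. filepath.Join cleans the result, so ".."
// components are resolved lexically; cleaning is not confinement, and the
// cleaned path can still lie outside cacheBase.
func unsafeCachePath(cacheBase, targetName string) string {
	return filepath.Join(cacheBase, targetName)
}

// safeCachePath is an illustrative hardened form (not the project's actual
// patch). It joins as before, then requires that the result is still inside
// cacheBase by inspecting the relative path back from the base.
func safeCachePath(cacheBase, targetName string) (string, error) {
	// TUF target names are repository-relative; an absolute or NUL-bearing
	// name is never legitimate, so reject it before touching the filesystem.
	if targetName == "" || filepath.IsAbs(targetName) || strings.ContainsRune(targetName, 0) {
		return "", ErrTargetEscapesCache
	}
	dest := filepath.Join(cacheBase, targetName)
	rel, err := filepath.Rel(cacheBase, dest)
	if err != nil {
		return "", ErrTargetEscapesCache
	}
	// rel is cleaned: a destination outside the base is exactly "..", or
	// starts with ".." followed by a separator. "." is the base directory
	// itself, which is not a target file.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTargetEscapesCache
	}
	return dest, nil
}

func main() {
	const cacheBase = "/var/cache/sigstore" // constructed cache location
	// Constructed target names: one benign, one with enough ".." components to
	// climb from the cache directory to the filesystem root, one absolute.
	for _, name := range []string{"fulcio_v1.crt.pem", "../../../etc/cron.d/malicious", "/etc/ld.so.preload"} {
		fmt.Printf("%-34q unsafe: %s\n", name, unsafeCachePath(cacheBase, name))
		if p, err := safeCachePath(cacheBase, name); err != nil {
			fmt.Printf("%-34q safe:   rejected (%v)\n", name, err)
		} else {
			fmt.Printf("%-34q safe:   %s\n", name, p)
		}
	}
}
```

The containment check is lexical: it assumes the cache directory itself is trustworthy (owned by the client user, with no attacker-placed symlinks inside it). On a shared or world-writable cache location a symlink under cacheBase could still redirect the write, so the check belongs alongside a private cache directory, not in place of one.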
Detection Methods for CVE-2026-24137
Indicators of Compromise
- Unexpected file modifications outside of the sigstore TUF cache directory
- TUF metadata containing target names with ../ or absolute path sequences
- Log entries showing file operations targeting system directories from sigstore processes
- Unusual write activity from processes using the sigstore library
Detection Strategies
- Monitor file system activity from processes using the sigstore library for writes outside expected cache directories
- Implement TUF metadata validation to detect target names containing path traversal sequences
- Review sigstore client logs for unusual target file names or cache operations
- Use file integrity monitoring (FIM) on critical system directories to detect unauthorized modifications
Monitoring Recommendations
- Enable verbose logging for sigstore client operations to capture target file paths being cached
- Deploy endpoint detection to monitor Go applications using sigstore libraries
- Audit TUF repository metadata for any target names containing suspicious path characters
- Monitor for changes to critical configuration files on systems running sigstore clients
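As an added example supporting two of the items above (validating TUF metadata for target names with traversal sequences, and auditing repository metadata for suspicious path characters), here is a small Go auditor that is not part of sigstore/sigstore or of the original page. It parses a constructed targets.json and flags names that could escape a cache directory on any platform. The rules are deliberately stricter than a path-join containment check, because an audit of metadata alone does not know the consumer's OS or cache layout. The sample metadata, hashes and signatures are placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// targetsMetadata holds the subset of a TUF targets.json needed for the audit:
// only the target names (the keys of signed.targets) matter here.
type targetsMetadata struct {
	Signed struct {
		Type    string                     `json:"_type"`
		Version int                        `json:"version"`
		Targets map[string]json.RawMessage `json:"targets"`
	} `json:"signed"`
}

// suspiciousTargetName returns a reason if name could resolve outside a cache
// directory on some platform. A backslash is an ordinary character on Linux
// but a path separator on Windows, so it is flagged regardless of where the
// audit runs.
func suspiciousTargetName(name string) (string, bool) {
	switch {
	case name == "":
		return "empty name", true
	case strings.ContainsRune(name, 0):
		return "NUL byte in name", true
	case strings.HasPrefix(name, "/"):
		return "absolute POSIX path", true
	case len(name) >= 2 && name[1] == ':' && isASCIILetter(name[0]):
		return "Windows drive-letter path", true
	case strings.Contains(name, "\\"):
		return "backslash (Windows path separator)", true
	}
	for _, c := range strings.Split(name, "/") {
		if c == ".." {
			return "parent-directory component", true
		}
	}
	return "", false
}

func isASCIILetter(b byte) bool {
	return (b >= 'a' && b <= 'z') || (b >= 'A' && b <= 'Z')
}

// finding pairs a flagged target name with the reason it was flagged.
type finding struct {
	Name, Reason string
}

// auditTargets parses raw targets metadata and returns findings sorted by
// target name. It does not verify signatures: run it on metadata that has
// already been verified, or as a pre-publication check on your own repository.
func auditTargets(raw []byte) ([]finding, error) {
	var md targetsMetadata
	if err := json.Unmarshal(raw, &md); err != nil {
		return nil, err
	}
	if md.Signed.Type != "targets" {
		return nil, fmt.Errorf("expected _type targets, got %q", md.Signed.Type)
	}
	names := make([]string, 0, len(md.Signed.Targets))
	for n := range md.Signed.Targets {
		names = append(names, n)
	}
	sort.Strings(names)
	var out []finding
	for _, n := range names {
		if reason, bad := suspiciousTargetName(n); bad {
			out = append(out, finding{Name: n, Reason: reason})
		}
	}
	return out, nil
}

// sampleTargetsJSON is constructed for this example. Hashes, lengths and
// signatures are placeholders, not values from any real repository.
const sampleTargetsJSON = `{
  "signatures": [{"keyid": "0000", "sig": "0000"}],
  "signed": {
    "_type": "targets",
    "spec_version": "1.0",
    "version": 7,
    "expires": "2027-01-01T00:00:00Z",
    "targets": {
      "fulcio_v1.crt.pem":                {"length": 740,  "hashes": {"sha256": "00"}},
      "rekor.pub":                        {"length": 178,  "hashes": {"sha256": "00"}},
      "../../../etc/cron.d/malicious":    {"length": 61,   "hashes": {"sha256": "00"}},
      "..\\..\\Windows\\Tasks\\evil.job": {"length": 1024, "hashes": {"sha256": "00"}},
      "/etc/ld.so.preload":               {"length": 24,   "hashes": {"sha256": "00"}}
    }
  }
}`

func main() {
	findings, err := auditTargets([]byte(sampleTargetsJSON))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("SUSPICIOUS %-36q %s\n", f.Name, f.Reason)
	}
}
```

Run against the sample, the auditor flags three of the five names and leaves the two ordinary Sigstore-style targets alone. Treat any finding in metadata from a repository you operate as a publishing error to fix before signing; a finding in metadata from a repository you consume is an indicator of compromise and should be correlated with the file-write monitoring described above.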
How to Mitigate CVE-2026-24137
Immediate Actions Required
- Upgrade to sigstore/sigstore version 1.10.4 or later which includes the path validation fix
- Set the environment variable SIGSTORE_NO_CACHE=true to disable disk caching if immediate upgrade is not possible
- Migrate to the newer TUF client in the sigstore-go library (its tuf package), which supersedes the legacy client in sigstore/sigstore
- Review and restrict TUF repository configurations to trusted sources only
Patch Information
The vulnerability has been fixed in sigstore/sigstore version 1.10.4. The fix adds proper path validation to ensure cached target files cannot escape the designated cache directory. The security fix is available in commit 8ec410a2993ea78083aecf0e473a85453039496e. Organizations should update their Go dependencies to pull the patched version. For detailed information, refer to the GitHub Security Advisory GHSA-fcv2-xgw5-pqxf and GitHub Release v1.10.4.
Workarounds
- Disable disk caching by setting the SIGSTORE_NO_CACHE=true environment variable for affected applications
- Migrate to the newer sigstore-go TUF implementation which does not have this vulnerability
- Run sigstore clients with minimal file system permissions to limit the impact of potential file overwrites
- Restrict network access to only trusted TUF repositories
# Disable TUF disk caching as a workaround
export SIGSTORE_NO_CACHE=true
# Update Go module to patched version
go get github.com/sigstore/sigstore@v1.10.4
go mod tidy
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

