CVE-2026-44309 Overview
CVE-2026-44309 is a certificate validation flaw [CWE-295] in Gitsign, Sigstore's keyless tool for signing Git commits and tags with an OIDC identity such as a GitHub account. Versions prior to 0.16.0 verify a signature against a go-git normalized re-encoding of the commit or tag object rather than against the raw object bytes that Git hashes and stores. An attacker can exploit the parser differential between git-core and go-git by crafting a malformed object with duplicate tree headers: the signature validates under gitsign verify, while git-core resolves the same commit to entirely different content. The flaw is fixed in Gitsign 0.16.0.
Critical Impact
A verified Gitsign signature no longer guarantees that the signed content, the commit semantics shown to users, and the object hash logged in Rekor refer to the same data.
Affected Products
- Sigstore Gitsign versions prior to 0.16.0
- Git workflows relying on gitsign verify for commit integrity
- Git workflows relying on gitsign verify-tag for tag integrity
Discovery Timeline
- 2026-05-15 - CVE-2026-44309 published to NVD
- 2026-05-18 - Last updated in NVD database
Technical Details for CVE-2026-44309
Vulnerability Analysis
The flaw resides in how Gitsign reconstructs commit and tag objects before signature verification. Both gitsign verify and gitsign verify-tag call go-git's EncodeWithoutSignature to re-serialize the parsed object, then validate the signature against that reconstructed byte stream. The re-encoding normalizes the representation and discards details that git-core treats as semantically meaningful, such as a repeated header.
The verification path therefore validates a synthetic representation rather than the canonical object bytes, which are also what Git hashes to derive the object id. Any divergence between go-git's parser and git-core's parser becomes a verification bypass primitive: the commit content shown to the user and the content whose signature was checked can refer to different trees.
Root Cause
The root cause is a parser differential between git-core and go-git for malformed commit objects containing duplicate tree headers. When such an object is parsed, git-core selects the first tree header, while go-git selects the second. Gitsign signs and verifies the go-git normalized form, which contains only the second tree value. The resulting signature validates over content that git-core never presents to the user.
Attack Vector
An attacker crafts a malformed commit or tag object with two tree headers pointing to different tree hashes. The attacker signs the go-git normalized form, which retains only the second tree. When a victim runs gitsign verify, the signature passes. When git-core checks out the commit, it resolves to the first tree, presenting different file contents than what was actually attested. The Rekor transparency log entry reflects only the normalized form, breaking the chain of evidence between log, signature, and runtime state.
No verified public proof-of-concept code is available. See the GitHub Security Advisory GHSA-7rmh-48mx-2vwc for advisory details.
Detection Methods for CVE-2026-44309
Indicators of Compromise
- Commit or tag objects in repository history that carry more than one tree header when inspected with git cat-file -p <object> (git cat-file commit <object> prints the raw bytes of a commit).
- Discrepancies between the tree git-core resolves for a commit (git log -1 --format=%T <commit>) and the tree named in the signed content whose hash is recorded in the Rekor transparency log entry for that commit.
- Gitsign verification results that succeed on objects which fail strict parsing under alternative Git implementations.
Detection Strategies
- Audit repositories for malformed commit and tag objects by parsing raw object bytes and counting occurrences of each header field.
- Cross-validate signed commits by recomputing the SHA-1 or SHA-256 object hash from raw bytes and comparing against the Rekor log entry.
- Run git fsck --strict across mirrors and CI ingest points to flag objects that deviate from canonical Git formatting.
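The parser differential described under Root Cause and the two byte-level checks above (count each header field, recompute the object id from raw bytes) can be exercised in a few dozen lines. The following Go program is an added example written for this page; it is not Gitsign or go-git code. It parses a constructed commit body carrying two tree headers, reports which tree a first-header reader (git-core's behaviour per the advisory) and a last-header reader (the normalized form) select, models the re-serialization as a last-value-wins re-encoding (an assumption standing in for go-git's encoder), and recomputes Git's SHA-1 object id so the raw bytes can be compared with any id a log entry records. The tree ids, the commit body and the normalize function are constructed for the demo; objectID is Git's real object-id formula.

```go
package main

import (
	"bytes"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"strings"
)

// Constructed sample data for this example (not from any repository or the
// advisory): a commit body that names two trees under duplicate headers.
const treeA, treeB = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"

var malformedCommit = []byte("tree " + treeA + "\ntree " + treeB + "\n" +
	"author Alice <alice@example.com> 1700000000 +0000\n" +
	"committer Alice <alice@example.com> 1700000000 +0000\n\nadd feature\n")

type header struct{ key, value string }

// parseHeaders splits a commit or tag body at the first blank line into header
// lines and message. Continuation lines (leading space, as in multi-line gpgsig
// headers) are folded into the preceding header so they are not counted as keys;
// a line with no space becomes a key with an empty value rather than an error.
func parseHeaders(obj []byte) ([]header, []byte) {
	head, msg, _ := bytes.Cut(obj, []byte("\n\n"))
	var hs []header
	for _, line := range strings.Split(string(head), "\n") {
		if strings.HasPrefix(line, " ") && len(hs) > 0 {
			hs[len(hs)-1].value += "\n" + line
			continue
		}
		key, value, _ := strings.Cut(line, " ")
		hs = append(hs, header{key, value})
	}
	return hs, msg
}

// duplicateHeaders lists keys seen more than once, in first-seen order.
// "parent" and "mergetag" are skipped: Git legitimately repeats them for merges.
func duplicateHeaders(obj []byte) []string {
	hs, _ := parseHeaders(obj)
	counts := map[string]int{}
	var dups []string
	for _, h := range hs {
		counts[h.key]++
		if counts[h.key] == 2 && h.key != "parent" && h.key != "mergetag" {
			dups = append(dups, h.key)
		}
	}
	return dups
}

// treeHeaders returns every "tree" value in header order: index 0 models what
// git-core resolves, the last index what the normalized form keeps.
func treeHeaders(obj []byte) []string {
	hs, _ := parseHeaders(obj)
	var trees []string
	for _, h := range hs {
		if h.key == "tree" {
			trees = append(trees, h.value)
		}
	}
	return trees
}

// normalize stands in for a last-value-wins re-serialization (an assumption
// here, not go-git's encoder): one "tree" header carrying the last value seen,
// the other headers in encounter order, then the message.
func normalize(obj []byte) []byte {
	hs, msg := parseHeaders(obj)
	var out bytes.Buffer
	if t := treeHeaders(obj); len(t) > 0 {
		fmt.Fprintf(&out, "tree %s\n", t[len(t)-1])
	}
	for _, h := range hs {
		if h.key != "tree" {
			fmt.Fprintf(&out, "%s %s\n", h.key, h.value)
		}
	}
	fmt.Fprintf(&out, "\n%s", msg)
	return out.Bytes()
}

// objectID is Git's SHA-1 object id, sha1("<type> <len>\x00" + body); compare
// it with the id a log entry records to tell raw bytes from a normalized form.
func objectID(objType string, body []byte) string {
	h := sha1.New()
	fmt.Fprintf(h, "%s %d\x00", objType, len(body))
	h.Write(body)
	return hex.EncodeToString(h.Sum(nil))
}

func main() {
	t := treeHeaders(malformedCommit)
	fmt.Println("duplicates:", duplicateHeaders(malformedCommit), "git-core tree:", t[0], "normalized tree:", t[len(t)-1])
	fmt.Println("raw id:", objectID("commit", malformedCommit), "normalized id:", objectID("commit", normalize(malformedCommit)))
}
```

In an audit, feed the program the output of git cat-file commit <sha> for each object in git rev-list --all; any non-empty duplicateHeaders result is the first indicator listed above, and an objectID that disagrees with the id a log entry records means the entry covers something other than the bytes the repository stores. The parser is deliberately lenient so it can be run over every object without aborting on one odd line; git fsck --strict remains the authoritative format check.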
Monitoring Recommendations
- Log all gitsign verify and gitsign verify-tag invocations in CI and code review pipelines with the Gitsign version recorded.
- Alert on repositories where commit objects contain duplicate or unexpected header fields.
- Monitor Rekor entries for signed commits and reconcile the recorded object hash against the hash observed at checkout time.
How to Mitigate CVE-2026-44309
Immediate Actions Required
- Upgrade Gitsign to version 0.16.0 or later across all developer workstations, CI runners, and verification services.
- Re-verify any recently signed commits and tags using the patched version to confirm prior trust decisions.
- Inventory tooling that consumes Gitsign verification output and confirm each component runs the fixed release.
Patch Information
The maintainers fixed CVE-2026-44309 in Gitsign 0.16.0 by verifying signatures against the raw Git object bytes instead of the go-git normalized form. Review the GitHub Security Advisory GHSA-7rmh-48mx-2vwc for the full release notes and patch references.
Workarounds
- Reject commit and tag objects that contain duplicate header fields at repository ingest using server-side hooks.
- Run git fsck --strict in CI before invoking gitsign verify to fail builds on malformed objects.
- Pin verification workflows to Gitsign 0.16.0 or later and disallow execution of older client versions in protected pipelines.
# Configuration example: enforce strict object validation before signature verification
git fsck --strict --no-dangling || exit 1
gitsign verify --certificate-identity="$SIGNER" \
--certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
HEAD
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


