CVE-2026-44310 Overview
CVE-2026-44310 is a verification bypass vulnerability in Gitsign, the keyless Sigstore signing tool for Git commits using GitHub or OpenID Connect (OIDC) identities. The flaw affects versions 0.4.0 through versions before 0.15.0. A crafted Cryptographic Message Syntax (CMS) or PKCS7 signed message containing an empty certificate set triggers an index-out-of-range panic in CertVerifier.Verify(). The panic is silently swallowed by an internal stream wrapper, and the process exits with code 0. Callers that rely on exit codes interpret the failed verification as successful signature validation.
Critical Impact
Attackers can craft Git commits whose signature verification appears to succeed under git verify-commit, undermining trust in signed commit workflows.
Affected Products
- Sigstore Gitsign versions 0.4.0 through versions prior to 0.15.0
- Git workflows invoking gitsign --verify (GPG-compatible mode)
- Automated CI/CD pipelines using exit codes from git verify-commit for policy enforcement
Discovery Timeline
- 2026-05-15 - CVE-2026-44310 published to the National Vulnerability Database
- 2026-05-18 - Last updated in NVD database
Technical Details for CVE-2026-44310
Vulnerability Analysis
The vulnerability resides in CertVerifier.Verify() within pkg/git/verifier.go. The function calls sd.GetCertificates() and immediately dereferences certs[0] without verifying that the returned slice contains any elements. A CMS/PKCS7 signed message with an empty certificate set is a structurally valid Distinguished Encoding Rules (DER) payload. GetCertificates() returns an empty slice with no error, and the unchecked index access triggers a runtime panic.
On the gitsign --verify code path, the panic is recovered by Wrap() in internal/io/streams.go. The recovery handler returns nil instead of propagating an error. main.go then exits with status code 0. Any caller relying on exit-code-only verification, including git verify-commit and downstream automation, treats the result as a valid signature.
The weakness is classified as [CWE-129] Improper Validation of Array Index.
Root Cause
The root cause is missing bounds validation on a slice returned by an untrusted parser, combined with an overly broad panic recovery routine that converts runtime panics into successful exit states. The verification function assumes at least one certificate is present in any structurally valid signed message.
Attack Vector
An attacker crafts a Git commit signed with a CMS/PKCS7 structure containing an empty certificate set. When a victim or automated pipeline runs git verify-commit against the malicious commit, Gitsign panics during verification, the panic is swallowed, and the process exits successfully. The attacker does not require valid credentials or network access to the victim system; user interaction in the form of running a verification command is required.
No verified public exploit code is available. See the GitHub Security Advisory GHSA-7c37-gx6w-8vc5 for upstream technical details.
Detection Methods for CVE-2026-44310
Indicators of Compromise
- Git commits with CMS/PKCS7 signature blocks that contain an empty certificates SET in the DER structure
- gitsign --verify invocations that exit with status code 0 but produce no certificate identity or issuer information in stdout/stderr
- Repository commits whose signatures cannot be cross-validated against the Sigstore transparency log (Rekor)
Detection Strategies
- Parse signed commit payloads and reject any CMS/PKCS7 structure where the embedded certificate set length is zero
- Cross-check Gitsign verification results against Rekor transparency log entries rather than relying on exit codes alone
- Audit CI/CD pipeline logs for gitsign verify runs that complete without emitting signer identity output
Monitoring Recommendations
- Monitor Git repository ingestion points for signed commits whose verification output is silent or empty
- Alert on Gitsign binary versions older than 0.15.0 running in build and release infrastructure
- Track upstream advisories published by the Sigstore project for additional verification bypass patterns
How to Mitigate CVE-2026-44310
Immediate Actions Required
- Upgrade Gitsign to version 0.15.0 or later across all developer workstations and CI/CD runners
- Inventory all systems running gitsign --verify or git verify-commit against Sigstore-signed commits
- Treat any signature verification result produced by an affected version as untrusted and re-verify with a patched binary
Patch Information
The maintainers fixed the issue in Gitsign 0.15.0 by adding a length check on the certificate slice returned by sd.GetCertificates() before dereferencing the first element. Details are published in the GitHub Security Advisory GHSA-7c37-gx6w-8vc5.
Workarounds
- Do not rely solely on the exit code of gitsign --verify; parse stdout for a confirmed signer identity and certificate subject
- Validate every signed commit against the Rekor transparency log as an independent control
- Restrict commit ingestion to repositories whose signing workflows enforce identity policy at the server side
# Upgrade Gitsign to the patched release
go install github.com/sigstore/gitsign@v0.15.0
# Verify the installed version
gitsign --version
# Confirm verification output includes signer identity, not just exit code
gitsign verify --certificate-identity=<expected-identity> \
--certificate-oidc-issuer=<expected-issuer> HEAD
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
