Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-48815

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-14 Jul, 2026 | 20:27
Updated At-15 Jul, 2026 | 12:56
Rejected At-
Credits

sigstore-js: `certificateOIDs` verification constraints are silently dropped and never enforced

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 4.1.1, the documented certificateOIDs option in sigstore.verify() is accepted by the public API but discarded before verification, so required certificate extension OIDs are never checked and applications relying on certificateOIDs to restrict which certificates may sign artifacts can accept unauthorized certificates. This issue is fixed in version 4.1.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:14 Jul, 2026 | 20:27
Updated At:15 Jul, 2026 | 12:56
Rejected At:
▼CVE Numbering Authority (CNA)
sigstore-js: `certificateOIDs` verification constraints are silently dropped and never enforced

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 4.1.1, the documented certificateOIDs option in sigstore.verify() is accepted by the public API but discarded before verification, so required certificate extension OIDs are never checked and applications relying on certificateOIDs to restrict which certificates may sign artifacts can accept unauthorized certificates. This issue is fixed in version 4.1.1.

Affected Products
Vendor
sigstore
Product
sigstore-js
Versions
Affected
  • < 4.1.1
Problem Types
TypeCWE IDDescription
CWECWE-347CWE-347: Improper Verification of Cryptographic Signature
Type: CWE
CWE ID: CWE-347
Description: CWE-347: Improper Verification of Cryptographic Signature
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/sigstore/sigstore-js/security/advisories/GHSA-52v5-jr5w-gjxr
x_refsource_CONFIRM
https://github.com/sigstore/sigstore-js/pull/1658
x_refsource_MISC
https://github.com/sigstore/sigstore-js/commit/7845532f9d17f6f765363dbee82b01bd159fb52b
x_refsource_MISC
https://github.com/sigstore/sigstore-js/releases/tag/sigstore%404.1.1
x_refsource_MISC
Hyperlink: https://github.com/sigstore/sigstore-js/security/advisories/GHSA-52v5-jr5w-gjxr
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/sigstore/sigstore-js/pull/1658
Resource:
x_refsource_MISC
Hyperlink: https://github.com/sigstore/sigstore-js/commit/7845532f9d17f6f765363dbee82b01bd159fb52b
Resource:
x_refsource_MISC
Hyperlink: https://github.com/sigstore/sigstore-js/releases/tag/sigstore%404.1.1
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/sigstore/sigstore-js/security/advisories/GHSA-52v5-jr5w-gjxr
exploit
Hyperlink: https://github.com/sigstore/sigstore-js/security/advisories/GHSA-52v5-jr5w-gjxr
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:14 Jul, 2026 | 21:17
Updated At:15 Jul, 2026 | 14:18

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 4.1.1, the documented certificateOIDs option in sigstore.verify() is accepted by the public API but discarded before verification, so required certificate extension OIDs are never checked and applications relying on certificateOIDs to restrict which certificates may sign artifacts can accept unauthorized certificates. This issue is fixed in version 4.1.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-347Secondarysecurity-advisories@github.com
CWE ID: CWE-347
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/sigstore/sigstore-js/commit/7845532f9d17f6f765363dbee82b01bd159fb52bsecurity-advisories@github.com
N/A
https://github.com/sigstore/sigstore-js/pull/1658security-advisories@github.com
N/A
https://github.com/sigstore/sigstore-js/releases/tag/sigstore%404.1.1security-advisories@github.com
N/A
https://github.com/sigstore/sigstore-js/security/advisories/GHSA-52v5-jr5w-gjxrsecurity-advisories@github.com
N/A
https://github.com/sigstore/sigstore-js/security/advisories/GHSA-52v5-jr5w-gjxr134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://github.com/sigstore/sigstore-js/commit/7845532f9d17f6f765363dbee82b01bd159fb52b
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/sigstore/sigstore-js/pull/1658
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/sigstore/sigstore-js/releases/tag/sigstore%404.1.1
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/sigstore/sigstore-js/security/advisories/GHSA-52v5-jr5w-gjxr
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/sigstore/sigstore-js/security/advisories/GHSA-52v5-jr5w-gjxr
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

83Records found

CVE-2026-31830
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 12.16%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 21:46
Updated-20 Mar, 2026 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
sigstore-ruby verifier returns success for DSSE bundles with mismatched in-toto subject digest

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifier#verify does not propagate the VerificationFailure returned by verify_in_toto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardless of whether the artifact matches the attested subject. This vulnerability is fixed in 0.2.3.

Action-Not Available
Vendor-sigstoresigstore
Product-sigstoresigstore-ruby
CWE ID-CWE-252
Unchecked Return Value
CVE-2026-44309
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 2.06%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 16:22
Updated-15 May, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git object bytes. For malformed objects with duplicate tree headers, git-core and go-git parse different trees: git-core uses the first, go-git uses the second. A signature crafted over the go-git-normalized form (second tree) passes gitsign verify while git-core resolves the commit to a completely different tree. This breaks the invariant that a verified signature, the commit semantics git-core presents to users, and the object hash logged in Rekor all refer to the same content. This vulnerability is fixed in 0.16.0.

Action-Not Available
Vendor-sigstore
Product-gitsign
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-53267
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 0.89%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 18:41
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability with bundle verification in sigstore-java

sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log. This bug impacts clients using any variation of KeylessVerifier.verify(). The verifier may accept a bundle with an unrelated log entry, cryptographically verifying everything but fails to ensure the log entry applies to the artifact in question, thereby "verifying" a bundle without any proof the signing event was logged. This allows the creation of a bundle without fulcio certificate and private key combined with an unrelated but time-correct log entry to fake logging of a signing event. A malicious actor using a compromised identity may want to do this to prevent discovery via rekor's log monitors. The signer's identity will still be available to the verifier. The signature on the bundle must still be on the correct artifact for the verifier to pass. sigstore-gradle-plugin and sigstore-maven-plugin are not affected by this as they only provide signing functionality. This issue has been patched in v1.1.0 release with PR #856. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-sigstoresigstore
Product-sigstore-javasigstore-java
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-49834
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 6.58%
||
7 Day CHG~0.00%
Published-17 Jul, 2026 | 19:20
Updated-17 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
sigstore-go: Multi-log threshold bypass via single compromised log

sigstore-go is a Go library for Sigstore signing and verification. Prior to 1.2.0, a verifier configured with WithTransparencyLog(N>1) or WithSignedCertificateTimestamps(N>1) counts verified witnesses per entry or per validation path rather than per log authority, allowing a single compromised transparency log or CT log to satisfy multi-log threshold requirements and defeat the multi-log policy. This issue is fixed in version 1.2.0.

Action-Not Available
Vendor-sigstore
Product-sigstore-go
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-48758
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 17.99%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 20:36
Updated-15 Jul, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
sigstore-js: DSSE payloadType type-binding failure

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.2.1, the preAuthEncoding function in @sigstore/core uses Node.js ascii encoding when converting the PAE string to bytes, allowing payloadType to be mutated after signing without invalidating the signature and breaking the type-binding guarantee that DSSE is designed to provide. This issue is fixed in version 3.2.1.

Action-Not Available
Vendor-sigstore
Product-sigstore-js
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-35930
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.52% / 40.90%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 21:15
Updated-23 Apr, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ability to bypass attestation verification in sigstore PolicyController

PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (--type defaults to "custom"). An example image that can be used to test this is `ghcr.io/distroless/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2`. Users should upgrade to version 0.2.1 to resolve this issue. There are no workarounds for users unable to upgrade.

Action-Not Available
Vendor-sigstoresigstore
Product-policy_controllerpolicy-controller
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-36056
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 4.17%
||
7 Day CHG~0.00%
Published-14 Sep, 2022 | 19:50
Updated-22 Apr, 2025 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerabilities with blob verification in sigstore cosign

Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First a cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature. Second, when providing identity flags, the email and issuer of a certificate is not checked when verifying a Rekor bundle, and the GitHub Actions identity is never checked. Third, providing an invalid Rekor bundle without the experimental flag results in a successful verification. And fourth an invalid transparency log entry will result in immediate success for verification. Details and examples of these issues can be seen in the GHSA-8gw7-4j42-w388 advisory linked. Users are advised to upgrade to 1.12.0. There are no known workarounds for these issues.

Action-Not Available
Vendor-sigstoresigstore
Product-cosigncosign
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-35929
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.55% / 42.37%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 18:45
Updated-22 Apr, 2025 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
False positive signature verification in cosign

cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. `cosign verify-attestation` used with the `--type` flag will report a false positive verification when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (--type defaults to "custom"). This can happen when signing with a standard keypair and with "keyless" signing with Fulcio. This vulnerability can be reproduced with the `distroless.dev/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2` image. This image has a `vuln` attestation but not an `spdx` attestation. However, if you run `cosign verify-attestation --type=spdx` on this image, it incorrectly succeeds. This issue has been addressed in version 1.10.1 of cosign. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-sigstoresigstore
Product-cosigncosign
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-47122
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.37% / 29.21%
||
7 Day CHG~0.00%
Published-10 Nov, 2023 | 21:33
Updated-03 Sep, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gitsign's Rekor public keys fetched from upstream API instead of local TUF client.

Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could potentially be tricked into trusting incorrect signatures. There is no known compromise the default public good instance (`rekor.sigstore.dev`) - anyone using this instance is unaffected. This issue was fixed in v0.8.0. No known workarounds are available.

Action-Not Available
Vendor-sigstoresigstore
Product-gitsigngitsign
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-13101
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 50.24%
||
7 Day CHG~0.00%
Published-24 Aug, 2020 | 07:04
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation.

Action-Not Available
Vendor-oasis-openn/a
Product-oasis_digital_signature_servicesn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-13415
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.75% / 50.73%
||
7 Day CHG~0.00%
Published-22 May, 2020 | 20:48
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping.

Action-Not Available
Vendor-n/aAviatrix Systems, Inc.
Product-controllern/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-13845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 40.54%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 17:23
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.

Action-Not Available
Vendor-sylabsn/a
Product-singularityn/a
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-11093
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.93% / 56.74%
||
7 Day CHG~0.00%
Published-24 Dec, 2020 | 20:05
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authorization bypass in Hyperledger Indy

Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the ledger. Updating a DID with a nym transaction will be written to the ledger if neither ROLE or VERKEY are being changed, regardless of sender. A malicious DID with no particular role can ask an update for another DID (but cannot modify its verkey or role). This is bad because 1) Any DID can write a nym transaction to the ledger (i.e., any DID can spam the ledger with nym transactions), 2) Any DID can change any other DID's alias, 3) The update transaction modifies the ledger metadata associated with a DID.

Action-Not Available
Vendor-hyperledgerThe Linux Foundation
Product-indy-nodeindy-node
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-9793
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 2.14%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 03:44
Updated-03 Jun, 2026 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing

A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leading to a compromise of data integrity within the OpenID Connect (OIDC) authorization flow. While a redirect URI allowlist acts as a compensating control, this vulnerability violates OIDC Core and Financial-grade API (FAPI) signing requirements.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat Build of Keycloak
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-25934
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.27% / 18.63%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 06:58
Updated-29 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.

Action-Not Available
Vendor-Dell Inc.
Product-elastic_cloud_storageECS
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-47949
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.46% / 36.88%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 19:28
Updated-19 Sep, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
samlify SAML Signature Wrapping attack

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.

Action-Not Available
Vendor-samlify_projecttngan
Product-samlifysamlify
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-17561
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.63% / 73.64%
||
7 Day CHG~0.00%
Published-30 Mar, 2020 | 18:44
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-netbeansgraalvmApache NetBeans
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-7511
Matching Score-4
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-4
Assigner-wolfSSL Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.17% / 6.72%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 21:32
Updated-27 Jun, 2026 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PKCS7_verify signer confusion allows forged signatures to be accepted

PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-6331
Matching Score-4
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-4
Assigner-wolfSSL Inc.
CVSS Score-2.1||LOW
EPSS-0.15% / 4.41%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 20:56
Updated-27 Jun, 2026 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HMAC zero-length tag forgery in EVP_DigestVerifyFinal

HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated tag could pass verification. The fix requires the supplied tag length to exactly equal the MAC length and rejects a zero-length MAC, so a forged short or empty tag is no longer accepted.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-40012
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.20% / 10.03%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 15:33
Updated-03 Oct, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
uthenticode EKU validation bypass

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could produce a "signed" PE file that uthenticode would verify and consider valid using an X.509 certificate that isn't entitled to produce code signatures (e.g., a SSL certificate). By design, uthenticode does not perform full-chain validation. However, the absence of EKU validation was an unintended oversight. The 2.0.0 release series includes EKU checks. There are no workarounds to this vulnerability.

Action-Not Available
Vendor-trailofbitstrailofbits
Product-uthenticodeuthenticode
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-325
Missing Cryptographic Step
CVE-2021-33054
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.99% / 58.49%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 14:40
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.)

Action-Not Available
Vendor-inversen/aDebian GNU/Linux
Product-debian_linuxsogon/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-49079
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.40% / 32.29%
||
7 Day CHG~0.00%
Published-29 Nov, 2023 | 18:56
Updated-02 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Misskey's missing signature validation allows arbitrary users to impersonate any remote user.

Misskey is an open source, decentralized social media platform. Misskey's missing signature validation allows arbitrary users to impersonate any remote user. This issue has been patched in version 2023.11.1-beta.1.

Action-Not Available
Vendor-misskeymisskey-dev
Product-misskeymisskey
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-11755
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 61.22%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 17:10
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. Previous versions had only suppressed showing a digital signature for messages with an outer multipart/signed layer. This vulnerability affects Thunderbird < 68.1.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-thunderbirdThunderbird
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-29915
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.26% / 17.39%
||
7 Day CHG+0.02%
Published-10 Apr, 2025 | 19:51
Updated-29 May, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Suricata af-packet: defrag option can lead to truncated packets affecting visibility

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to issues.

Action-Not Available
Vendor-oisfOISF
Product-suricatasuricata
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-28091
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 67.76%
||
7 Day CHG~0.00%
Published-04 Jun, 2021 | 14:39
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.

Action-Not Available
Vendor-entrouvertn/aDebian GNU/LinuxFedora Project
Product-lassodebian_linuxfedoran/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-55961
Matching Score-4
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-4
Assigner-wolfSSL Inc.
CVSS Score-8.2||HIGH
EPSS-0.10% / 0.82%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 16:51
Updated-26 Jun, 2026 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer

wolfSSL_PKCS7_verify() returning success for a degenerate (certs-only) PKCS#7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no signer signature has actually been verified, so a PKCS#7 carrying no valid signature is no longer reported as verified. This is enforced regardless of the PKCS7_NOVERIFY flag, which only suppresses signer certificate chain validation and was never intended to waive the requirement that a signature exist. Only affects OpenSSL compatibility builds that call the PKCS7_verify() compatibility API on potentially degenerate PKCS#7 bundles.

Action-Not Available
Vendor-wolfsslwolfSSL
Product-wolfsslwolfSSL
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2005-2181
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.19% / 64.42%
||
7 Day CHG~0.00%
Published-10 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-ip_phone_7940_firmwareip_phone_7940ip_phone_7960ip_phone_7960_firmwaren/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-5050
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.21% / 10.75%
||
7 Day CHG~0.00%
Published-16 Apr, 2026 | 05:29
Updated-22 Apr, 2026 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Payment Gateway for Redsys & WooCommerce Lite <= 7.0.0 - Improper Verification of Cryptographic Signature to Unauthenticated Payment Status Manipulation

The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successful_request() handlers calculating a local signature but not validating Ds_Signature from the request before accepting payment status across the Redsys, Bizum, and Google Pay gateway flows. This makes it possible for unauthenticated attackers to forge payment callback data and mark pending orders as paid when they know a valid order key and order amount, potentially allowing checkout completion and product or service fulfillment without a successful payment.

Action-Not Available
Vendor-jconti
Product-Payment Gateway for Redsys & WooCommerce Lite
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-25636
Matching Score-4
Assigner-Document Foundation, The
ShareView Details
Matching Score-4
Assigner-Document Foundation, The
CVSS Score-7.5||HIGH
EPSS-0.98% / 58.30%
||
7 Day CHG+0.02%
Published-22 Feb, 2022 | 00:00
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect trust validation of signature with ambiguous KeyInfo children

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5.

Action-Not Available
Vendor-libreofficeThe Document FoundationFedora Project
Product-fedoralibreofficeLibreOffice
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-44714
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.76%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 16:51
Updated-18 May, 2026 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
bitcoinj: ScriptExecution P2PKH/P2WPKH Verification Bypass

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends() contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails to verify that the public key is the one committed to by the output being spent. As a result, any attacker keypair can satisfy bitcoinj's local verification for arbitrary P2PKH and P2WPKH outputs. This vulnerability is fixed in 0.17.1.

Action-Not Available
Vendor-bitcoinj
Product-bitcoinj
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-16152
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.89% / 77.22%
||
7 Day CHG~0.00%
Published-26 Sep, 2018 | 21:00
Updated-03 Dec, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.

Action-Not Available
Vendor-strongswann/aCanonical Ltd.Debian GNU/Linux
Product-strongswanubuntu_linuxdebian_linuxn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-34240
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 2.98%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 15:44
Updated-06 Apr, 2026 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jose vulnerable to untrusted JWK header key acceptance during signature verification

JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because key selection could treat header-provided jwk as a verification candidate even when that key was not present in the trusted key store. Since JOSE headers are untrusted input, an attacker could exploit this by creating a token payload, embedding an attacker-controlled public key in the header, and signing with the matching private key. Applications using affected versions for token verification are impacted. This issue has been patched in version 0.3.5+1. A workaround for this issue involves rejecting tokens where header jwk is present unless that jwk matches a key already present in the application's trusted key store.

Action-Not Available
Vendor-appsup-dartappsup-dart
Product-josejose
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-21405
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.98% / 58.18%
||
7 Day CHG~0.00%
Published-15 Apr, 2021 | 21:35
Updated-03 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BLS Signature "Malleability"

Lotus is an Implementation of the Filecoin protocol written in Go. BLS signature validation in lotus uses blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays. Lotus block validation functions perform a uniqueness check on provided blocks. Two blocks are considered distinct if the CIDs of their blockheader do not match. The CID method for blockheader includes the BlockSig of the block. The result of these issues is that it would be possible to punish miners for valid blocks, as there are two different valid block CIDs available for each block, even though this must be unique. By switching from the go based `blst` bindings over to the bindings in `filecoin-ffi`, the code paths now ensure that all signatures are compressed by size and the way they are deserialized. This happened in https://github.com/filecoin-project/lotus/pull/5393.

Action-Not Available
Vendor-filecoinfilecoin-project
Product-lotuslotus
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-41340
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 38.26%
||
7 Day CHG~0.00%
Published-24 Sep, 2022 | 18:22
Updated-22 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery.

Action-Not Available
Vendor-secp256k1-js_projectn/a
Product-secp256k1-jsn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2016-1000338
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.86% / 76.88%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 00:00
Updated-05 May, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.

Action-Not Available
Vendor-bouncycastlen/aRed Hat, Inc.NetApp, Inc.Canonical Ltd.
Product-satellite_capsulesatellite7-mode_transition_toolubuntu_linuxlegion-of-the-bouncy-castle-java-crytography-apin/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-3322
Matching Score-4
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-4
Assigner-Cloudflare, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.25% / 15.90%
||
7 Day CHG~0.00%
Published-28 Oct, 2022 | 09:25
Updated-05 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lock WARP switch bypass on WARP mobile client using iOS quick action

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.

Action-Not Available
Vendor-Cloudflare, Inc.
Product-warp_mobile_clientWARP
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2015-7336
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 44.10%
||
7 Day CHG~0.00%
Published-27 Mar, 2020 | 14:05
Updated-06 Aug, 2024 | 07:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-system_updaten/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-24772
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.01% / 59.39%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 13:30
Updated-23 Apr, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Verification of Cryptographic Signature in `node-forge`

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.

Action-Not Available
Vendor-digitalbazaardigitalbazaar
Product-forgeforge
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-24771
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.72% / 49.66%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 13:25
Updated-23 Apr, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Verification of Cryptographic Signature in node-forge

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.

Action-Not Available
Vendor-digitalbazaardigitalbazaar
Product-forgeforge
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2022-24884
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-1.04% / 60.11%
||
7 Day CHG~0.00%
Published-05 May, 2022 | 23:50
Updated-23 Apr, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Trivial signature forgery in ecdsautils

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable.

Action-Not Available
Vendor-ecdsautils_projectfreifunk-gluonFedora ProjectDebian GNU/Linux
Product-ecdsautilsdebian_linuxfedoraecdsautils
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-0114
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-42.65% / 98.56%
||
7 Day CHG~0.00%
Published-04 Jan, 2018 | 06:00
Updated-02 Dec, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-node-joseNode-jose Library
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-5588
Matching Score-4
Assigner-91579145-5d7b-4cc5-b925-a0262ff19630
ShareView Details
Matching Score-4
Assigner-91579145-5d7b-4cc5-b925-a0262ff19630
CVSS Score-6.3||MEDIUM
EPSS-0.39% / 31.45%
||
7 Day CHG~0.00%
Published-15 Apr, 2026 | 09:06
Updated-16 Jul, 2026 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PKIX draft CompositeVerifier accepts empty signature sequence as valid.

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules), Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All (pkix modules). This vulnerability is associated with program files JcaContentVerifierProviderBuilder.Java, JcaContentVerfierProviderBuilder.Java. This issue affects BC-JAVA: from 1.67 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84; BCPKIX-FIPS: from 2.0.6 before 2.0.11, from 2.1.7 before 2.1.11; BCPIX-LTS: from 2.73.7 before 2.73.11.

Action-Not Available
Vendor-Legion of the Bouncy Castle Inc.Red Hat, Inc.
Product-BC-JAVABCPKIX-FIPSBCPIX-LTSOpenShift Developer Tools and ServicesRed Hat OpenShift Dev Spaces 3.28Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14Red Hat Process Automation 7Red Hat Fuse 7Red Hat build of Quarkus 3.20.6.SP1Red Hat AMQ Broker 7.12.7Red Hat Build of Apache Camel 4.14 for Quarkus 3.27Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat build of Apicurio Registry 3Red Hat Enterprise Linux 9Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9Red Hat Data Grid 8streams for Apache Kafka 3Red Hat build of Debezium 3Red Hat Enterprise Linux 8Red Hat JBoss Enterprise Application Platform 7Red Hat Satellite 6Cryostat 4streams for Apache Kafka 2Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8Red Hat JBoss Enterprise Application Platform 8.1Red Hat AMQ Broker 7.13.5Red Hat build of Apache Camel 4 for Quarkus 3Red Hat Single Sign-On 7Red Hat AMQ Broker 7Red Hat build of Quarkus 3.27.3.SP1Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2005-2182
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.19% / 64.42%
||
7 Day CHG~0.00%
Published-10 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

Action-Not Available
Vendor-grandstreamn/a
Product-bt-100_firmwarebt-100n/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-37568
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 30.47%
||
7 Day CHG~0.00%
Published-09 Jun, 2024 | 00:00
Updated-03 Nov, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)

Action-Not Available
Vendor-authlibn/alepture
Product-authlibn/aauthlib
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-33487
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.30% / 21.80%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 17:17
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
goxmldsig has validateSignature Loop Variable Capture Signature Bypass

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element's ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref` instead of its value. As a result, if more than one reference matches the ID or if the loop logic is incorrect, the `ref` pointer will always end up pointing to the last element in the `SignedInfo.References` slice after the loop. goxmlsig version 1.6.0 contains a patch.

Action-Not Available
Vendor-goxmldsig_projectrussellhaeringRed Hat, Inc.
Product-goxmldsiggoxmldsigRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Multicluster Global Hub 1.5.4Red Hat OpenShift GitOps 1.19Red Hat Advanced Cluster Security 4Red Hat OpenShift GitOps 1.18Red Hat Enterprise Linux 10Red Hat Advanced Cluster Management for Kubernetes 2.14Multicluster Global Hub 1.4.5
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-682
Incorrect Calculation
CVE-2026-33895
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 27.01%
||
7 Day CHG~0.00%
Published-27 Mar, 2026 | 20:47
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Forge has signature forgery in Ed25519 due to missing S > L check

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order (`S >= L`). A valid signature and its `S + L` variant both verify in forge, while Node.js `crypto.verify` (OpenSSL-backed) rejects the `S + L` variant, as defined by the specification. This class of signature malleability has been exploited in practice to bypass authentication and authorization logic (see CVE-2026-25793, CVE-2022-35961). Applications relying on signature uniqueness (i.e., dedup by signature bytes, replay tracking, signed-object canonicalization checks) may be bypassed. Version 1.4.0 patches the issue.

Action-Not Available
Vendor-digitalbazaardigitalbazaarRed Hat, Inc.
Product-forgeforgeRed Hat Developer Hub 1.8Red Hat build of Apicurio Registry 2Red Hat Process Automation 7Red Hat Quay 3Red Hat Fuse 7Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Logging Subsystem for Red Hat OpenShiftRed Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Enterprise Linux 9Red Hat Data Grid 8Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8Red Hat build of Apache Camel - HawtIO 4Red Hat Build of Podman DesktopCryostat 4Red Hat Developer Hub 1.9Cluster Observability Operator 1.5.0
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-33894
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.09%
||
7 Day CHG~0.00%
Published-27 Mar, 2026 | 20:45
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Forge has signature forgery in RSA-PKCS due to ASN.1 extra field

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attackers can forge signatures by stuffing “garbage” bytes within the ASN structure in order to construct a signature that passes verification, enabling Bleichenbacher style forgery. This issue is similar to CVE-2022-24771, but adds bytes in an addition field within the ASN structure, rather than outside of it. Additionally, forge does not validate that signatures include a minimum of 8 bytes of padding as defined by the specification, providing attackers additional space to construct Bleichenbacher forgeries. Version 1.4.0 patches the issue.

Action-Not Available
Vendor-digitalbazaardigitalbazaarRed Hat, Inc.
Product-forgeforgeRed Hat Developer Hub 1.8Red Hat build of Apicurio Registry 2Red Hat Process Automation 7Red Hat Fuse 7Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Quay 3.16Logging Subsystem for Red Hat OpenShiftRed Hat Quay 3.9Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Enterprise Linux 9Red Hat Quay 3.17Red Hat Data Grid 8Red Hat Ansible Automation Platform 2Red Hat Enterprise Linux 8Red Hat Build of Podman DesktopRed Hat build of Apache Camel - HawtIO 4Cryostat 4Red Hat Quay 3.14Red Hat Quay 3.12Red Hat Developer Hub 1.9Cluster Observability Operator 1.5.0Red Hat Quay 3.10Red Hat Quay 3.15
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-3338
Matching Score-4
Assigner-Amazon
ShareView Details
Matching Score-4
Assigner-Amazon
CVSS Score-8.7||HIGH
EPSS-0.78% / 51.79%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 21:22
Updated-15 Jul, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PKCS7_verify Signature Validation Bypass in AWS-LC

Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

Action-Not Available
Vendor-amazonAWSRed Hat, Inc.
Product-aws-lc-sysaws_libcryptoAWS-LCRed Hat Trusted Artifact Signer 1.3Red Hat Enterprise Linux 9Confidential Compute AttestationRed Hat Trusted Profile AnalyzerRed Hat OpenShift Update ServiceRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-32614
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.21% / 11.31%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 20:14
Updated-15 Apr, 2026 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Go ShangMi SM9 Infinity-Point Ciphertext Forgery Vulnerability

Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly reject the point at infinity. In the current implementation, an attacker can construct C1 as the point at infinity, causing the bilinear pairing result to degenerate into the identity element in the GT group. As a result, a critical part of the key derivation input becomes a predictable constant. An attacker who only knows the target user's UID can derive the decryption key material and then forge a ciphertext that passes the integrity check. This vulnerability is fixed in 0.41.1.

Action-Not Available
Vendor-emmansun
Product-gmsm
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-32597
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.64%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 21:41
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.

Action-Not Available
Vendor-pyjwt_projectjpadillaRed Hat, Inc.
Product-pyjwtpyjwtRed Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat AI Inference ServerRed Hat AI Inference Server 3.3Red Hat Enterprise Linux AI 3.3Red Hat Satellite 6.18Red Hat Enterprise Linux 10Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Quay 3.16Red Hat OpenShift AI 3.3Red Hat OpenShift AI 2.25Red Hat Quay 3.9Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Trusted Artifact SignerRed Hat Enterprise Linux 8Red Hat Ansible Automation Platform 2.5Red Hat Ansible Automation Platform 2Red Hat Satellite 6Red Hat Quay 3.12OpenShift LightspeedRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Ansible Automation Platform 2.6Red Hat Quay 3.10Red Hat OpenShift AI (RHOAI)Red Hat Quay 3.15
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • Next
Details not found