Product
A high-severity vulnerability (CVE-2026-49478) in Sigstore Fulcio's OIDC discovery client allows blind Server-Side Request Forgery (SSRF) via cross-host redirects, facilitates JWKS substitution for cache poisoning, and causes Kubernetes ServiceAccount token leakage to external attackers, potentially compromising supply chain integrity and cluster resources.