<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Npm/Sigstore - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/npm/sigstore/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 03 Jul 2026 12:37:11 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/npm/sigstore/feed.xml" rel="self" type="application/rss+xml"/><item><title>Sigstore `certificateOIDs` Verification Bypass Vulnerability (CVE-2026-48815)</title><link>https://feed.craftedsignal.io/briefs/2026-07-sigstore-oid-bypass/</link><pubDate>Fri, 03 Jul 2026 12:37:11 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-sigstore-oid-bypass/</guid><description>A high-severity vulnerability (CVE-2026-48815) in the `npm/sigstore` library (versions &lt;= 4.1.0) causes the `certificateOIDs` verification constraint to be silently ignored, allowing applications to accept unauthorized certificates that should have been rejected based on extension policy, which could lead to supply chain attacks by trusting malicious artifacts.</description><content:encoded><![CDATA[<p>A significant security vulnerability, identified as CVE-2026-48815, affects the <code>npm/sigstore</code> JavaScript library in versions up to and including 4.1.0. This flaw stems from a critical oversight in the library's certificate verification logic: while the public <code>sigstore.verify()</code> API accepts the <code>certificateOIDs</code> option, which is intended to enforce specific object identifiers (OIDs) within a certificate's extensions, this constraint is silently dropped during policy construction. Consequently, applications that rely on <code>certificateOIDs</code> to restrict accepted certificates for artifact signing are left without this crucial protection. An attacker could exploit this by presenting a certificate lacking the expected OIDs, yet still satisfying other verification checks, thereby bypassing a key policy enforcement mechanism and potentially enabling the trust of unauthorized or malicious software artifacts in a supply chain.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Attacker crafts malicious artifact</strong>: An attacker creates a malicious software package or artifact intended for distribution.</li>
<li><strong>Attacker obtains unauthorized signing certificate</strong>: The attacker acquires a certificate that meets general validity criteria (e.g., correct issuer, valid dates) but <em>lacks</em> specific critical OID extensions that the target application's <code>sigstore</code> configuration <em>intends</em> to enforce via <code>certificateOIDs</code>.</li>
<li><strong>Attacker signs malicious artifact</strong>: The attacker signs the malicious artifact using their unauthorized certificate.</li>
<li><strong>Target system attempts to verify artifact</strong>: A target system, using a vulnerable <code>npm/sigstore</code> library (&lt;= 4.1.0) and configured with <code>certificateOIDs</code> to enforce specific OID policies, attempts to verify the signed artifact.</li>
<li><strong><code>sigstore</code> silently drops OID constraints</strong>: Due to the vulnerability, the <code>npm/sigstore</code> library's <code>createVerificationPolicy()</code> function silently ignores the <code>certificateOIDs</code> parameter when constructing the verification policy.</li>
<li><strong>Artifact falsely deemed legitimate</strong>: The signed malicious artifact passes <code>sigstore</code> verification because the critical OID extension check, which should have rejected the unauthorized certificate, was never applied.</li>
<li><strong>Malicious artifact executed/deployed</strong>: The target system proceeds to trust and potentially execute or deploy the malicious artifact, believing it to be legitimately signed and compliant with its security policies.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Applications integrating the <code>npm/sigstore</code> library that depend on the <code>certificateOIDs</code> feature for robust certificate policy enforcement are rendered vulnerable to supply chain attacks. This vulnerability means that unauthorized or non-compliant certificates, which should be explicitly rejected based on missing or incorrect OID extensions, will instead be accepted by the verification process. The direct consequence is that organizations relying on this library for software supply chain integrity could inadvertently trust and deploy malicious artifacts. This could lead to a wide range of impacts, including system compromise, data exfiltration, or the introduction of backdoors, undermining the entire purpose of artifact signing and verification. The exact number of affected organizations is difficult to ascertain, but any user of <code>npm/sigstore</code> up to version 4.1.0 configured with <code>certificateOIDs</code> is at risk.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li><strong>Patch CVE-2026-48815 immediately</strong>: Upgrade <code>npm/sigstore</code> to a patched version (4.1.1 or later) to address CVE-2026-48815, ensuring <code>certificateOIDs</code> are correctly enforced during verification.</li>
<li><strong>Review <code>sigstore</code> configurations</strong>: Audit all <code>sigstore.verify()</code> and <code>createVerifier()</code> calls in your codebase to confirm that certificate validation logic correctly identifies and rejects certificates that do not meet expected OID constraints, even after patching.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>vulnerability</category><category>supply-chain</category><category>software-security</category><category>javascript</category><category>npm</category><category>code-signing</category></item></channel></rss>