[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-24122":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":37,"duplicate_of":9,"upstream":41,"downstream":42,"duplicates":59,"related":60,"reserved_at":9,"published_at":67,"modified_at":68,"state":69,"summary":70,"references_raw":77,"kevs":111,"epss":112,"epss_history":115,"metrics":383,"affected":393},"CVE-2026-24122","Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate should be considered expired. When verifying artifact signatures using a certificate, Cosign first verifies the certificate chain using the leaf certificate's \"not before\" timestamp and later checks expiry of the leaf certificate using either a signed timestamp provided by the Rekor transparency log or from a timestamp authority, or using the current time. The root and all issuing certificates are assumed to be valid during the leaf certificate's validity. There is no impact to users of the public Sigstore infrastructure. This may affect private deployments with customized PKIs. This issue has been fixed in version 3.0.5.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-295","Improper Certificate Validation","The product does not validate, or incorrectly validates, a certificate.","weakness","Draft","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-459","Creating a Rogue Certification Authority Certificate",[],{"id":24,"name":25,"techniques":26},"CAPEC-475","Signature Spoofing by Improper Validation",[],[28],{"_key":29,"name":30,"source":31,"url":32,"maturity":33,"reliability_score":34,"verified":35,"type":9,"platforms":36,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_SIGSTORE_COSIGN","Cosign","github","https://github.com/sigstore/cosign/security/advisories/GHSA-vjxv-45g9-9296","poc",0.3,false,[],[38,39,40],"GHSA-wfqv-66vq-46rm","BIT-cosign-2026-24122","GO-2026-4529",[],[43,45,47,49,51,53,55,57],{"_key":44},"SUSE-SU-2026:0757-1",{"_key":46},"SUSE-SU-2026:0777-1",{"_key":48},"OPENSUSE-SU-2026:10235-1",{"_key":50},"OPENSUSE-SU-2026:20386-1",{"_key":52},"SUSE-SU-2026:20904-1",{"_key":54},"DEBIAN-CVE-2026-24122",{"_key":56},"OPENSUSE-SU-2026:10635-1",{"_key":58},"UBUNTU-CVE-2026-24122",[],[61,62,63,64,65,66],{"_key":44},{"_key":46},{"_key":48},{"_key":50},{"_key":52},{"_key":56},"2026-02-19T22:27:08.828Z","2026-02-20T15:41:03.939Z","Analyzed",{"cisa_kev":35,"cisa_ransomware":35,"cisa_vendor":9,"epss_severity":71,"epss_score":72,"severity":71,"severity_score":73,"severity_version":74,"severity_source":75,"severity_vector":76,"severity_status":69},"low",0.00011,3.7,"v3.1","cve.org","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",[78,89,96,102,107],{"url":79,"sources":80,"tags":83},"https://github.com/sigstore/cosign/security/advisories/GHSA-wfqv-66vq-46rm",[75,81,82],"osv_go","nvd",[84,85,86,87,88],"X Refsource CONFIRM","WEB","Exploit","Vendor Advisory","Advisory",{"url":90,"sources":91,"tags":92},"https://github.com/sigstore/cosign/commit/3c9a7363f563db76d78e2de2cabd945450f3781e",[75,82,81],[93,85,94,95],"X Refsource MISC","Patch","FIX",{"url":97,"sources":98,"tags":99},"https://github.com/sigstore/cosign/releases/tag/v3.0.5",[75,82,81],[93,85,100,101],"Product","Release Notes",{"url":103,"sources":104,"tags":105},"https://github.com/sigstore/cosign",[81],[106],"PACKAGE",{"url":108,"sources":109,"tags":110},"https://nvd.nist.gov/vuln/detail/CVE-2026-24122",[81],[88],[],{"date":113,"score":72,"percentile":114},"2026-06-05",0.01464,[116,120,123,126,129,132,136,139,142,145,148,151,154,157,160,163,166,169,172,175,178,181,184,187,190,193,196,199,201,204,207,210,214,217,220,223,226,228,231,234,237,240,244,247,250,253,256,259,262,265,268,271,274,277,280,283,286,289,292,295,298,301,304,307,310,313,316,319,322,325,328,331,333,335,337,339,342,345,348,351,353,356,359,362,365,368,371,374,377,380],{"date":117,"score":118,"percentile":119},"2026-02-20",0.00015,0.03005,{"date":121,"score":118,"percentile":122},"2026-02-21",0.02978,{"date":124,"score":118,"percentile":125},"2026-02-22",0.02976,{"date":127,"score":118,"percentile":128},"2026-02-23",0.02952,{"date":130,"score":118,"percentile":131},"2026-02-24",0.0294,{"date":133,"score":134,"percentile":135},"2026-02-25",0.0002,0.04945,{"date":137,"score":134,"percentile":138},"2026-02-26",0.04912,{"date":140,"score":134,"percentile":141},"2026-02-27",0.04982,{"date":143,"score":134,"percentile":144},"2026-02-28",0.04972,{"date":146,"score":134,"percentile":147},"2026-03-01",0.05037,{"date":149,"score":134,"percentile":150},"2026-03-02",0.0507,{"date":152,"score":134,"percentile":153},"2026-03-03",0.05083,{"date":155,"score":134,"percentile":156},"2026-03-04",0.04963,{"date":158,"score":134,"percentile":159},"2026-03-05",0.05013,{"date":161,"score":134,"percentile":162},"2026-03-06",0.04985,{"date":164,"score":134,"percentile":165},"2026-03-07",0.04996,{"date":167,"score":134,"percentile":168},"2026-03-08",0.05,{"date":170,"score":134,"percentile":171},"2026-03-09",0.04978,{"date":173,"score":134,"percentile":174},"2026-03-10",0.04986,{"date":176,"score":134,"percentile":177},"2026-03-11",0.04998,{"date":179,"score":134,"percentile":180},"2026-03-12",0.05021,{"date":182,"score":134,"percentile":183},"2026-03-13",0.05024,{"date":185,"score":134,"percentile":186},"2026-03-14",0.04993,{"date":188,"score":134,"percentile":189},"2026-03-15",0.0498,{"date":191,"score":134,"percentile":192},"2026-03-16",0.04976,{"date":194,"score":134,"percentile":195},"2026-03-17",0.04969,{"date":197,"score":134,"percentile":198},"2026-03-18",0.04974,{"date":200,"score":134,"percentile":177},"2026-03-19",{"date":202,"score":134,"percentile":203},"2026-03-20",0.04995,{"date":205,"score":134,"percentile":206},"2026-03-21",0.05196,{"date":208,"score":134,"percentile":209},"2026-03-22",0.05188,{"date":211,"score":212,"percentile":213},"2026-03-23",0.00022,0.05691,{"date":215,"score":212,"percentile":216},"2026-03-24",0.05668,{"date":218,"score":212,"percentile":219},"2026-03-25",0.05725,{"date":221,"score":212,"percentile":222},"2026-03-26",0.05766,{"date":224,"score":212,"percentile":225},"2026-03-27",0.0576,{"date":227,"score":212,"percentile":222},"2026-03-28",{"date":229,"score":212,"percentile":230},"2026-03-29",0.05762,{"date":232,"score":212,"percentile":233},"2026-03-30",0.05745,{"date":235,"score":212,"percentile":236},"2026-03-31",0.05707,{"date":238,"score":212,"percentile":239},"2026-04-01",0.05718,{"date":241,"score":242,"percentile":243},"2026-04-02",0.00029,0.08295,{"date":245,"score":242,"percentile":246},"2026-04-03",0.08319,{"date":248,"score":242,"percentile":249},"2026-04-04",0.08348,{"date":251,"score":242,"percentile":252},"2026-04-05",0.08334,{"date":254,"score":242,"percentile":255},"2026-04-06",0.08273,{"date":257,"score":242,"percentile":258},"2026-04-07",0.08292,{"date":260,"score":242,"percentile":261},"2026-04-08",0.08356,{"date":263,"score":242,"percentile":264},"2026-04-09",0.08372,{"date":266,"score":242,"percentile":267},"2026-04-10",0.08371,{"date":269,"score":242,"percentile":270},"2026-04-11",0.08364,{"date":272,"score":242,"percentile":273},"2026-04-12",0.08344,{"date":275,"score":242,"percentile":276},"2026-04-13",0.08327,{"date":278,"score":242,"percentile":279},"2026-04-14",0.08202,{"date":281,"score":242,"percentile":282},"2026-04-15",0.08221,{"date":284,"score":242,"percentile":285},"2026-04-16",0.08225,{"date":287,"score":242,"percentile":288},"2026-04-17",0.08214,{"date":290,"score":242,"percentile":291},"2026-04-18",0.08211,{"date":293,"score":242,"percentile":294},"2026-04-19",0.08195,{"date":296,"score":242,"percentile":297},"2026-04-20",0.08184,{"date":299,"score":72,"percentile":300},"2026-04-21",0.01294,{"date":302,"score":72,"percentile":303},"2026-04-22",0.01299,{"date":305,"score":72,"percentile":306},"2026-04-23",0.01305,{"date":308,"score":72,"percentile":309},"2026-04-24",0.013,{"date":311,"score":72,"percentile":312},"2026-04-25",0.01301,{"date":314,"score":72,"percentile":315},"2026-04-26",0.01306,{"date":317,"score":72,"percentile":318},"2026-04-27",0.01313,{"date":320,"score":72,"percentile":321},"2026-04-28",0.01437,{"date":323,"score":72,"percentile":324},"2026-04-29",0.01443,{"date":326,"score":72,"percentile":327},"2026-04-30",0.01438,{"date":329,"score":72,"percentile":330},"2026-05-01",0.01434,{"date":332,"score":72,"percentile":330},"2026-05-02",{"date":334,"score":72,"percentile":330},"2026-05-03",{"date":336,"score":72,"percentile":330},"2026-05-04",{"date":338,"score":72,"percentile":330},"2026-05-05",{"date":340,"score":72,"percentile":341},"2026-05-06",0.01426,{"date":343,"score":72,"percentile":344},"2026-05-07",0.01428,{"date":346,"score":72,"percentile":347},"2026-05-08",0.01427,{"date":349,"score":72,"percentile":350},"2026-05-09",0.01421,{"date":352,"score":72,"percentile":350},"2026-05-10",{"date":354,"score":72,"percentile":355},"2026-05-11",0.01417,{"date":357,"score":72,"percentile":358},"2026-05-12",0.01413,{"date":360,"score":72,"percentile":361},"2026-05-13",0.0142,{"date":363,"score":72,"percentile":364},"2026-05-14",0.01424,{"date":366,"score":72,"percentile":367},"2026-05-15",0.01419,{"date":369,"score":72,"percentile":370},"2026-05-16",0.01415,{"date":372,"score":72,"percentile":373},"2026-05-17",0.01411,{"date":375,"score":72,"percentile":376},"2026-05-18",0.01399,{"date":378,"score":72,"percentile":379},"2026-05-19",0.01395,{"date":381,"score":72,"percentile":382},"2026-05-20",0.01389,[384,389,391],{"source":75,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":385,"cvss_v4_0":9},{"baseScore":73,"baseSeverity":386,"vectorString":76,"impactScore":387,"exploitabilityScore":388},"LOW",2.3,5.6,{"source":81,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":390,"cvss_v4_0":9},{"baseScore":73,"baseSeverity":9,"vectorString":76,"impactScore":387,"exploitabilityScore":388},{"source":82,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":392,"cvss_v4_0":9},{"baseScore":73,"baseSeverity":386,"vectorString":76,"impactScore":387,"exploitabilityScore":388},[394,409,414,419],{"ecosystem":395,"name":396,"vendor":397,"product":398,"cpe_part":9,"purl_type":399,"purl_namespace":397,"purl_name":398,"source":9,"versions":400},"Go","github.com/sigstore/cosign","github.com/sigstore","cosign","golang",[401,407],{"version":402,"is_range":403,"range_type":404,"version_start":9,"version_start_type":9,"version_end":405,"version_end_type":406,"fixed_in":9},"lt3_0_5",true,"semver","3.0.5","excluding",{"version":408,"is_range":403,"range_type":404,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",{"ecosystem":395,"name":410,"vendor":396,"product":411,"cpe_part":9,"purl_type":399,"purl_namespace":396,"purl_name":411,"source":9,"versions":412},"github.com/sigstore/cosign/v2","v2",[413],{"version":408,"is_range":403,"range_type":404,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":395,"name":415,"vendor":396,"product":416,"cpe_part":9,"purl_type":399,"purl_namespace":396,"purl_name":416,"source":9,"versions":417},"github.com/sigstore/cosign/v3","v3",[418],{"version":402,"is_range":403,"range_type":404,"version_start":9,"version_start_type":9,"version_end":405,"version_end_type":406,"fixed_in":9},{"ecosystem":9,"name":398,"vendor":420,"product":398,"cpe_part":421,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":422},"sigstore","a",[423],{"version":424,"is_range":403,"range_type":425,"version_start":9,"version_start_type":9,"version_end":405,"version_end_type":406,"fixed_in":9},"lt3.0.5","cpe"]