
CVE-2026-31830

Severity: High
Published: 10 March 2026
Modified: 20 March 2026
KEV added: not listed
CVSS v3.1 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS score: 0.0004 (14.5th percentile)
Risk priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-31830 is a high-severity Unchecked Return Value (CWE-252) vulnerability in the Sigstore project's sigstore-ruby library. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Software Supply Chain (T1195.002). The vulnerability is ranked at the 14.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-6 (Security and Privacy Function Verification).

Deeper analysis

CVE-2026-31830 affects sigstore-ruby, a pure Ruby implementation of the sigstore/cosign project's verify command, in versions prior to 0.2.3. The vulnerability lies in the Sigstore::Verifier#verify method, which fails to propagate the VerificationFailure returned by verify_in_toto when the artifact digest does not match the digest specified in the in-toto attestation subject. Consequently, verification of DSSE bundles containing in-toto statements always returns VerificationSuccess, even when the artifact does not match the attested subject. The issue is rated 7.5 on the CVSS 3.1 scale (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) and maps to CWE-252 (Unchecked Return Value).

Attackers can exploit this vulnerability remotely with low complexity and no privileges or user interaction required. By supplying a malicious DSSE bundle with an in-toto statement that references a mismatched artifact digest—such as for a tampered binary or package—the verifier will incorrectly deem it authentic. This enables integrity bypass, allowing adversaries to substitute malicious artifacts while evading sigstore's verification checks, potentially leading to deployment of untrusted software in supply chain pipelines.

The GitHub Security Advisory (GHSA-mhg6-2q2v-9h2c) confirms the issue is fixed in sigstore-ruby version 0.2.3, where the verifier now properly propagates the VerificationFailure. Security practitioners should upgrade to 0.2.3 or later and audit usages of Sigstore::Verifier#verify with in-toto attestations, especially in CI/CD workflows relying on sigstore for artifact verification.
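To make the CWE-252 pattern described above concrete, here is an added illustration in Ruby. It is not sigstore-ruby's code: the names Verifier#verify, verify_in_toto, VerificationSuccess and VerificationFailure come from the advisory, but the bundle layout, the digest comparison and the build_bundle helper are simplified assumptions, and signature checking is left out entirely. The vulnerable shape computes the in-toto result and then discards it, so every DSSE bundle ends in VerificationSuccess; the fixed shape returns the failure to the caller.

```ruby
# Simplified model of the CWE-252 bug class behind CVE-2026-31830.
# Added illustration, not sigstore-ruby's implementation: names follow the
# advisory's vocabulary, internals are assumed for the example.
require "digest"
require "json"

VerificationSuccess = Struct.new(:reason)
VerificationFailure = Struct.new(:reason)

IN_TOTO_TYPE = "application/vnd.in-toto+json"

# Builds a minimal DSSE-style bundle (constructed sample) whose in-toto
# statement subject carries the sha256 of the attested artifact.
def build_bundle(artifact_bytes)
  {
    "payloadType" => IN_TOTO_TYPE,
    "payload" => JSON.generate(
      "_type" => "https://in-toto.io/Statement/v1",
      "subject" => [
        { "name" => "artifact",
          "digest" => { "sha256" => Digest::SHA256.hexdigest(artifact_bytes) } }
      ],
      "predicateType" => "https://example.invalid/predicate" # placeholder
    )
  }
end

# Compares the artifact's digest against every subject digest in the statement.
def verify_in_toto(bundle, artifact_bytes)
  statement = JSON.parse(bundle["payload"])
  actual = Digest::SHA256.hexdigest(artifact_bytes)
  expected = statement.fetch("subject").map { |s| s.dig("digest", "sha256") }
  unless expected.include?(actual)
    return VerificationFailure.new("artifact digest #{actual} not among subject digests")
  end
  VerificationSuccess.new("in-toto subject matches artifact")
end

# Vulnerable shape: verify_in_toto runs, but its result is never examined,
# so control falls through to VerificationSuccess (the unchecked return value).
def vulnerable_verify(bundle, artifact_bytes)
  verify_in_toto(bundle, artifact_bytes) if bundle["payloadType"] == IN_TOTO_TYPE
  VerificationSuccess.new("bundle verified")
end

# Fixed shape: a VerificationFailure from verify_in_toto is propagated.
def fixed_verify(bundle, artifact_bytes)
  if bundle["payloadType"] == IN_TOTO_TYPE
    result = verify_in_toto(bundle, artifact_bytes)
    return result if result.is_a?(VerificationFailure)
  end
  VerificationSuccess.new("bundle verified")
end

if __FILE__ == $PROGRAM_NAME
  good     = "release-v1.0.0 bytes"  # constructed artifact that was attested
  tampered = "release-v1.0.0 bytes!" # constructed artifact with one byte changed
  bundle   = build_bundle(good)
  puts "vulnerable verifier, tampered artifact: #{vulnerable_verify(bundle, tampered).class}"
  puts "fixed verifier, tampered artifact:      #{fixed_verify(bundle, tampered).class}"
end
```

When auditing callers of a verify method in a CI/CD pipeline, the property to check is the one the fixed shape has: every result produced by a sub-check must either be returned or cause an early exit, and the only path to VerificationSuccess is one on which every sub-check has been consulted.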


Vulnerability details

sigstore-ruby is a pure Ruby implementation of the sigstore verify command from the sigstore/cosign project. Prior to 0.2.3, Sigstore::Verifier#verify does not propagate the VerificationFailure returned by verify_in_toto when the artifact digest does not match the digest in the in-toto attestation subject. As a result, verification of DSSE bundles containing in-toto statements returns VerificationSuccess regardless of whether the artifact matches the attested subject. This vulnerability is fixed in 0.2.3.

CWE(s)

CWE-252 Unchecked Return Value

Related Threats

MITRE ATT&CK Enterprise Techniques

T1195.002 Compromise Software Supply Chain (Initial Access)
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise.
Why these techniques?

Verification bypass in sigstore-ruby in-toto/DSSE checks directly enables substitution of mismatched (malicious) artifacts that pass integrity checks, facilitating compromise of software supply chain artifacts and pipelines.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-21920 (shared CWE-252)
CVE-2026-40060 (shared CWE-252)
CVE-2025-25724 (shared CWE-252)
CVE-2026-40092 (shared CWE-252)
CVE-2026-35468 (shared CWE-252)
CVE-2026-0723 (shared CWE-252)
CVE-2026-34065 (shared CWE-252)
CVE-2026-28691 (shared CWE-252)
CVE-2026-22255 (shared CWE-252)
CVE-2026-22047 (shared CWE-252)

Affected Assets

Vendor: sigstore
Product: sigstore
Versions: ≤ 0.2.3

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-2, Flaw Remediation): Requires timely remediation of flaws like the unchecked VerificationFailure in sigstore-ruby's verify method by upgrading to version 0.2.3 or later.

Prevent: Mandates employment of integrity verification mechanisms that detect unauthorized changes, directly countering the false VerificationSuccess for mismatched artifact digests in DSSE bundles.

Prevent (SI-6, Security and Privacy Function Verification): Requires verification that security functions, such as the sigstore verifier's handling of in-toto attestations, perform correctly, so that integrity mismatches are propagated as failures.
