CVE-2026-24137 | sigstore sigstore-go up to 1.10.3 pkg/tuf/client.go path traversal (GHSA-fcv2-xgw5-pqxf)

Inserito da Angelo Barbosa | Gen 23, 2026 | CVE

A vulnerability was found in sigstore sigstore-go up to 1.10.3. It has been classified as critical. This affects an unknown part of the file pkg/tuf/client.go. This manipulation causes path traversal.

This vulnerability is tracked as CVE-2026-24137. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is recommended.

CVE-2026-24137 | sigstore sigstore-go up to 1.10.3 pkg/tuf/client.go path traversal (GHSA-fcv2-xgw5-pqxf)

Post correlati

CVE-2024-57520 | Asterisk 22 action_createconfig permission

CVE-2024-56333 | InseeFrLab onyxia up to 2.8.1/3.1.0/4.1.x code injection (GHSA-qmcw-h4f9-j3h3)

CVE-2026-21663 | Revive Adserver up to 6.0.4 banner-acl.php cap/session_capping/time cross site scripting

CVE-2024-8415 | SourceCodester Food Ordering Management System 1.0 /routers/add-ticket.php id sql injection