CVE-2026-24117 | sigstore rekor up to 1.4.x Search Endpoint /api/v1/index/retrieve enable_retrieve_api server-side request forgery (GHSA-4c4x-jm2x-pf9j)

Inserito da Angelo Barbosa | Gen 23, 2026 | CVE

A vulnerability, which was classified as critical, has been found in sigstore rekor up to 1.4.x. The impacted element is the function enable_retrieve_api of the file /api/v1/index/retrieve of the component Search Endpoint. Performing a manipulation results in server-side request forgery.

This vulnerability is known as CVE-2026-24117. Remote exploitation of the attack is possible. No exploit is available.

It is advisable to upgrade the affected component.

CVE-2026-24117 | sigstore rekor up to 1.4.x Search Endpoint /api/v1/index/retrieve enable_retrieve_api server-side request forgery (GHSA-4c4x-jm2x-pf9j)

Post correlati

CVE-2025-24602 | WP24 Domain Check Plugin up to 1.10.14 on WordPress cross site scripting

CVE-2024-31413 | OMRON CX-One Project File buffer overflow (OMSR-2024-002)

CVE-2025-59470 | Veeam Backup & Replication up to 13.0.1.180 Parameter interval/order privilege escalation (kb4792)

CVE-2024-4950 | Google Chrome prior 125.0.6422.60 Downloads ui layer (ID 400654)