CVE-2026-24137 | sigstore sigstore-go up to 1.10.3 pkg/tuf/client.go path traversal (GHSA-fcv2-xgw5-pqxf)

Inserito da Angelo Barbosa | Gen 23, 2026 | CVE

A vulnerability was found in sigstore sigstore-go up to 1.10.3. It has been classified as critical. This affects an unknown part of the file pkg/tuf/client.go. This manipulation causes path traversal.

This vulnerability is tracked as CVE-2026-24137. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is recommended.

CVE-2026-24137 | sigstore sigstore-go up to 1.10.3 pkg/tuf/client.go path traversal (GHSA-fcv2-xgw5-pqxf)

Post correlati

CVE-2025-9305 | SourceCodester Online Bank Management System 1.0 /bank/mnotice.php ID sql injection

CVE-2025-25009 | Elastic Kibana up to 7.17.29/8.18.7/8.19.4/9.0.7/9.1.4 Case File Upload cross site scripting

CVE-2025-11100 | D-Link DIR-823X 250416 set_wifi_blacklists uci_set command injection

CVE-2024-40432 | Realtek SD Card Reader Driver prior 10.0.26100.21374 denial of service