A vulnerability, which was classified as problematic, was found in sigstore timestamp-authority up to 2.0.x. Affected is an unknown function of the component Middleware. Executing a manipulation can lead to insufficiently random values.

This vulnerability is handled as CVE-2026-49835. The attack can be executed remotely. There is not any exploit available.