
CVE-2026-22703: CWE-345: Insufficient Verification of Data Authenticity in sigstore cosign

Severity: Medium
Published: Sat Jan 10 2026 (01/10/2026, 06:11:09 UTC)
Source: CVE Database V5
Vendor/Project: sigstore
Product: cosign

Description

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, a Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor entry, Cosign verifies the Rekor entry signature, and also compares the artifact's digest, the user's public key (from either a Fulcio certificate or provided by the user), and the artifact signature to the Rekor entry contents. Without these comparisons, Cosign would accept any response from Rekor as valid. A malicious actor that has compromised a user's identity or signing key could construct a valid Cosign bundle by including any arbitrary Rekor entry, thus preventing the user from being able to audit the signing event. This issue has been patched in versions 2.6.2 and 3.0.4.

AI-Powered Analysis

Last updated: 01/10/2026, 06:39:34 UTC

Technical Analysis

Cosign is a tool within the sigstore project that provides cryptographic signing and transparency for container images and binaries, leveraging a transparency log called Rekor. The vulnerability identified as CVE-2026-22703 (CWE-345) arises from insufficient verification of the authenticity of data embedded in cosign bundles prior to versions 2.6.2 and 3.0.4. Specifically, when cosign verifies a Rekor entry during artifact signature validation, it checks the Rekor entry's signature but fails to adequately confirm that the Rekor entry references the artifact's digest, the signature, or the user's public key. This flaw allows an attacker who has compromised a user's signing key or identity to craft a cosign bundle containing arbitrary Rekor entries unrelated to the actual artifact. As a result, cosign would accept these bundles as valid, effectively allowing the attacker to bypass audit mechanisms that rely on transparency logs to verify the provenance and integrity of signed artifacts. The vulnerability impacts the integrity of the signing process but does not affect confidentiality or availability. Exploitation requires local privileges (AV:L) and low complexity (AC:L), with privileges at the level of a user with signing key access (PR:L), and no user interaction (UI:N) is needed. The scope remains unchanged (S:U). The CVSS v3.1 base score is 5.5, reflecting a medium severity. This vulnerability is particularly critical in environments where cosign is used to secure supply chains and enforce trust in containerized deployments. The issue has been addressed by patches in cosign versions 2.6.2 and 3.0.4, which implement stricter verification ensuring that the Rekor entry corresponds exactly to the artifact's digest, signature, and public key. Organizations using affected versions should upgrade immediately to prevent potential integrity compromises.
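The check that the description and analysis above refer to, written out as an added Go example (not cosign's own code): after the Rekor entry's own signature has been verified, the entry body must still be compared field by field against the artifact actually being verified, otherwise any signed-but-unrelated entry passes. The JSON layout of the `hashedrekord` body, the names `entryMatchesArtifact`, `artifactBinding`, `sampleBinding` and `entryFor`, and the placeholder signature and key bytes are assumptions for this example; real signature verification is out of scope, since the vulnerability is in the cross-check, not the signature math.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// hashedRekord models the fields of a Rekor "hashedrekord" entry body that
// matter for this check. The layout is an assumption for this example and is
// not cosign's own type.
type hashedRekord struct {
	Kind string `json:"kind"`
	Spec struct {
		Data struct {
			Hash struct {
				Algorithm string `json:"algorithm"`
				Value     string `json:"value"`
			} `json:"hash"`
		} `json:"data"`
		Signature struct {
			Content   string `json:"content"`
			PublicKey struct {
				Content string `json:"content"`
			} `json:"publicKey"`
		} `json:"signature"`
	} `json:"spec"`
}

// artifactBinding is what the verifier already knows from the bundle and the
// artifact itself: the digest it computed, the signature it checked, and the
// key (or Fulcio certificate key) it checked that signature with.
type artifactBinding struct {
	DigestHex string // sha256 of the artifact, lower-case hex
	Signature []byte // raw signature bytes over the artifact
	PublicKey []byte // key material the signature was verified with
}

// entryMatchesArtifact is the cross-check the advisory describes. It must run
// in addition to verifying the Rekor entry signature: a valid entry that
// references a different digest, signature or key is still not evidence for
// this artifact. Returns nil only when all three fields agree.
func entryMatchesArtifact(entryBody []byte, b artifactBinding) error {
	var e hashedRekord
	if err := json.Unmarshal(entryBody, &e); err != nil {
		return fmt.Errorf("parse entry: %w", err)
	}
	if e.Kind != "hashedrekord" {
		return fmt.Errorf("unexpected entry kind %q", e.Kind)
	}
	if e.Spec.Data.Hash.Algorithm != "sha256" || e.Spec.Data.Hash.Value != b.DigestHex {
		return errors.New("rekor entry digest does not match artifact digest")
	}
	entrySig, err := base64.StdEncoding.DecodeString(e.Spec.Signature.Content)
	if err != nil || !bytes.Equal(entrySig, b.Signature) {
		return errors.New("rekor entry signature does not match artifact signature")
	}
	entryKey, err := base64.StdEncoding.DecodeString(e.Spec.Signature.PublicKey.Content)
	if err != nil || !bytes.Equal(entryKey, b.PublicKey) {
		return errors.New("rekor entry public key does not match verification key")
	}
	return nil
}

// sampleBinding builds a constructed binding: the "artifact" is a short byte
// string and the signature and key are placeholder bytes (constructed data).
func sampleBinding() artifactBinding {
	sum := sha256.Sum256([]byte("example artifact contents (constructed)"))
	return artifactBinding{
		DigestHex: hex.EncodeToString(sum[:]),
		Signature: []byte("placeholder-signature-bytes"),
		PublicKey: []byte("placeholder-public-key-bytes"),
	}
}

// entryFor serialises a hashedrekord body that references the given binding,
// standing in for what a signing run would have uploaded to Rekor.
func entryFor(b artifactBinding) []byte {
	var e hashedRekord
	e.Kind = "hashedrekord"
	e.Spec.Data.Hash.Algorithm = "sha256"
	e.Spec.Data.Hash.Value = b.DigestHex
	e.Spec.Signature.Content = base64.StdEncoding.EncodeToString(b.Signature)
	e.Spec.Signature.PublicKey.Content = base64.StdEncoding.EncodeToString(b.PublicKey)
	out, _ := json.Marshal(e)
	return out
}

func main() {
	good := sampleBinding()
	fmt.Println("matching entry:", entryMatchesArtifact(entryFor(good), good))

	// A well-formed entry for some other artifact: accepted by a verifier that
	// only checks the entry signature, rejected once the fields are compared.
	other := good
	other.DigestHex = "deadbeef"
	fmt.Println("unrelated entry:", entryMatchesArtifact(entryFor(other), good))
}
```

The defensive point is that the entry signature proves only that Rekor logged *something*; binding that entry to the artifact, signature and key in hand is what makes the transparency log auditable for this particular signing event.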

Potential Impact

For European organizations, this vulnerability poses a risk to the integrity of software supply chains that utilize cosign for signing container images and binaries. Attackers who gain access to signing keys can create fraudulent signatures that appear valid, undermining trust in deployed software and potentially allowing malicious code to be distributed undetected. This can lead to compromised systems, data breaches, or disruption of services if malicious containers or binaries are deployed in production environments. The impact is particularly significant for sectors relying heavily on containerization and DevSecOps practices, such as financial services, telecommunications, and critical infrastructure. Although confidentiality and availability are not directly affected, the loss of integrity can have cascading effects on compliance with regulations like the EU Cybersecurity Act and NIS2 Directive, which emphasize supply chain security. The inability to audit signing events accurately also weakens incident response and forensic capabilities. Organizations with large-scale container deployments or those participating in open-source software supply chains are at higher risk.

Mitigation Recommendations

The primary mitigation is to upgrade cosign to version 2.6.2 or 3.0.4 or later, where the vulnerability has been patched with enhanced verification of Rekor entries against artifact digests, signatures, and public keys. Organizations should enforce strict access controls and monitoring around signing keys to prevent compromise, including hardware security modules (HSMs) or secure key vaults. Implement multi-factor authentication and regular key rotation policies for signing credentials. Additionally, integrate continuous monitoring and alerting on signing activities and transparency log anomalies to detect suspicious behavior promptly. Conduct regular audits of the software supply chain and signing processes to ensure compliance with security policies. For critical deployments, consider implementing out-of-band verification of signed artifacts and transparency logs. Finally, educate developers and DevOps teams about the importance of using updated tooling and secure key management practices to prevent exploitation.


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-01-08T19:23:09.857Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6961f0b8c540fa4b5432b9fc

Added to database: 1/10/2026, 6:24:56 AM

Last enriched: 1/10/2026, 6:39:34 AM

Last updated: 1/10/2026, 9:14:39 PM

