Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total1

Critical0

High0

Medium1

Search Severity Year Type Sort Order

Reset

Showing 1-1 of 1 records

Threat Entry Updated 2026-02-05

CVE-2026-22703 - Cosign Plugin

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor entry, Cosign verifies the Rekor entry signature, and also compares the artifact's digest, the user's public key from either a Fulcio certificate or provided by the user, and the artifact signature to the Rekor entry contents. Without these comparisons, Cosign would accept any response…

PLUGIN Cosign

CVE-2026-22703

MEDIUM CVSS 5.5 2026-01-10

Risk Score

Open Full Technical Breakdown

Scroll to top

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2026-22703 - Cosign Plugin

Company Links

Contact Us