CSRF in Linuxfoundation Sigstore-python

CVE-2026-24408

sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. `_OAuthSession` creates a unique "state"…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.002 (5.4th percentile)

Affected products

Weakness classification (CWE)

References