Sigstore Timestamp-Authority Verifier Exposes Authorization Bypass via Certificate Bag Manipulation (CVE-2026-39984)
A flaw in the Sigstore timestamp-authority verifier allows an attacker to bypass authorization controls by manipulating the PKCS#7 certificate bag. The vulnerability, tracked as CVE-2026-39984, resides in the `VerifyTimestampResponse` function of the `timestamp-authority/v2/pkg/verification` package. The function correctly validates the certificate chain for the signature, but it then hands the first non-CA certificate found in the PKCS#7 certificate bag, rather than the verified leaf certificate, to `VerifyLeafCert` for the TSA-specific authorization checks. Because the certificate that is authorized is not necessarily the certificate that signed, the two steps can be driven apart.
An attacker can exploit this by prepending a forged certificate to the certificate bag while the actual message is signed with a legitimate, authorized key. The library validates the cryptographic signature against the correct certificate but then performs the authorization checks on the attacker's forged certificate. Signature validation is thereby decoupled from identity authorization, so unauthorized actions can be approved. Note that this vulnerability affects only users of the `timestamp-authority/v2/pkg/verification` library package; the core timestamp-authority service itself is not affected.
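As an added illustration (not code from the Sigstore project), the following Go sketch contrasts the flawed "first non-CA certificate" selection with selecting the leaf that the CMS SignerInfo actually names by issuer and serial number. The certificates, their names, and the `hasTimestampingEKU` stand-in for the TSA-specific check are constructed for this demonstration and are not the library's API.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"slices"
)

// mkCert builds an unsigned certificate carrying only the fields read below (constructed data).
func mkCert(cn, issuer string, serial int64, isCA bool, eku ...x509.ExtKeyUsage) *x509.Certificate {
	return &x509.Certificate{Subject: pkix.Name{CommonName: cn}, Issuer: pkix.Name{CommonName: issuer},
		SerialNumber: big.NewInt(serial), IsCA: isCA, ExtKeyUsage: eku}
}

// leafByPosition mirrors the flawed selection: the first non-CA certificate in the bag is taken as the leaf.
func leafByPosition(bag []*x509.Certificate) *x509.Certificate {
	for _, c := range bag {
		if !c.IsCA {
			return c
		}
	}
	return nil
}

// leafBySigner returns the certificate the CMS SignerInfo names by issuer and serial number,
// i.e. the one whose key verified the signature; nil means the signer is not in the bag.
func leafBySigner(bag []*x509.Certificate, issuer pkix.Name, serial *big.Int) *x509.Certificate {
	for _, c := range bag {
		if c.SerialNumber.Cmp(serial) == 0 && c.Issuer.String() == issuer.String() {
			return c
		}
	}
	return nil
}

// hasTimestampingEKU stands in for the TSA-specific authorization check (id-kp-timeStamping).
func hasTimestampingEKU(leaf *x509.Certificate) bool {
	return leaf != nil && slices.Contains(leaf.ExtKeyUsage, x509.ExtKeyUsageTimeStamping)
}

// constructedBag returns an attacker-ordered bag and the certificate that actually signed:
// a forged, authorized-looking certificate is prepended ahead of the real signer and its CA.
func constructedBag() (bag []*x509.Certificate, signer *x509.Certificate) {
	forged := mkCert("forged-tsa", "Unknown", 99, false, x509.ExtKeyUsageTimeStamping)
	signer = mkCert("real-signer", "Example CA", 7, false, x509.ExtKeyUsageCodeSigning)
	ca := mkCert("Example CA", "Example CA", 1, true)
	return []*x509.Certificate{forged, signer, ca}, signer
}
```

With this bag, `leafByPosition` authorizes the forgery while `leafBySigner` returns the real signer, which fails the timestamping check; a fix is to run `VerifyLeafCert`-style checks only on the certificate the signature was verified against.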
The medium-severity finding exposes downstream projects and systems that rely on this library for timestamp verification and authorization. Although it is not a direct compromise of the Sigstore service, it is a significant supply chain risk for any implementation that depends on this package to enforce access controls. Developers must update to a patched version immediately to close this authorization bypass vector.