WhisperX tag archive

#CVE-2026-24137

This page collects WhisperX intelligence signals tagged #CVE-2026-24137. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (2)

The Lab · 2026-03-25 07:52:17 · GitHub Issues

1. Sigstore TUF Client Vulnerability (CVE-2026-24137): Path Traversal Flaw Allows Arbitrary File Writes

A critical security flaw has been identified in the legacy TUF client within the widely used Sigstore software supply chain security project. The vulnerability, tracked as CVE-2026-24137, allows arbitrary file writes via a path traversal attack. The core failure is in the client's file caching mechanism, which cons...

The Lab · 2026-04-06 02:27:02 · GitHub Issues

2. Sigstore TUF Client Vulnerability (CVE-2026-24137) Exposes Systems to Arbitrary File Writes

A critical path traversal vulnerability in Sigstore's legacy TUF client has been disclosed, enabling attackers to perform arbitrary file writes on affected systems. The flaw, tracked as CVE-2026-24137 (GHSA-fcv2-xgw5-pqxf), resides within the `github.com/sigstore/sigstore` package and stems from improper handling of ta...