This page collects WhisperX intelligence signals tagged #CVE-2026-39984. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical flaw in the Sigstore timestamp-authority verifier allows attackers to bypass authorization controls by manipulating the certificate bag. The vulnerability, tracked as CVE-2026-39984, resides in the `VerifyTimestampResponse` function within the `timestamp-authority/v2/pkg/verification` package. The function c...
A medium-severity authorization bypass vulnerability has been identified in Sigstore Timestamp Authority, affecting versions 2.0.5 and below. The flaw resides in the VerifyTimestampResponse function within the timestamp-authority/v2/pkg/verification package. The function correctly validates the certificate chain signat...