1. CVE-2026-39984: Authorization Bypass in Sigstore Timestamp Authority Certificate Verification
A medium-severity authorization bypass vulnerability has been identified in Sigstore Timestamp Authority, affecting versions 2.0.5 and below. The flaw resides in the VerifyTimestampResponse function within the timestamp-authority/v2/pkg/verification package. The function correctly validates the certificate chain signat...