CVE-2026-44309 — Gitsign is a keyless Sigstore to signing tool for Git

/MEDIUM /CVSS 5.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
National Vulnerability Database vulnerabilitycvemedium-severitycwe-295cwe-347
CVE-2026-44309 — Gitsign is a keyless Sigstore to signing tool for Git

CVE-2026-44309 — Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against t

What This Means For You

  • If your environment is affected by CWE-295, CWE-347, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-44309 updates and patches.

Related ATT&CK Techniques

T1552.004 Credentials In Files Credential Access T1071.004 SS&M: DNS Command and Control T1041 Exfiltration Over C2 Channel Exfiltration

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1071.004 Command and Control

Suspicious Gitsign Usage with Older Versions - CVE-2026-44309

Sigma YAML — free preview 
title: Suspicious Gitsign Usage with Older Versions - CVE-2026-44309
id: scw-2026-05-15-ai-1
status: experimental
level: high
description: |
  Detects the execution of 'gitsign verify' or 'gitsign verify-tag' commands. This is a core indicator for CVE-2026-44309, as these commands are vulnerable in versions prior to 0.16.0 due to improper handling of commit/tag object verification, allowing for signature bypass and the association of a signature with unintended content.
author: SCW Feed Engine (AI-generated)
date: 2026-05-15
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-44309/
tags:
  - attack.command_and_control
  - attack.t1071.004
logsource:
    category: process_creation
detection:
  selection:
      Image|endswith:
          - 'gitsign'
      CommandLine|contains:
          - 'verify'
          - 'verify-tag'
      condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-44309 vulnerability CVE-2026-44309
CWE-295 weakness CWE-295
CWE-347 weakness CWE-347

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 15, 2026 at 20:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related coverage

coreMQTT CVE-2026-8686: DoS via Crafted MQTT v5.0 Packet

CVE-2026-8686 — Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service...

vulnerabilityCVEhigh-severitydenial-of-servicecwe-125
/SCW Vulnerability Desk /HIGH /7.5 /⚑ 4 IOCs /⚙ 1 Sigma

Vvveb CMS Vulnerability (CVE-2026-46408) Allows Cart Hijacking

CVE-2026-46408 — Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the...

vulnerabilityCVEhigh-severitycwe-639
/SCW Vulnerability Desk /HIGH /7.6 /⚑ 3 IOCs /⚙ 2 Sigma

Vvveb CMS API Token Disclosure (CVE-2026-46407) High Severity

CVE-2026-46407 — Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the...

vulnerabilityCVEhigh-severitycwe-639
/SCW Vulnerability Desk /HIGH /8.1 /⚑ 3 IOCs /⚙ 2 Sigma