A vulnerability was found in sigstore cosign up to 2.6.2/3.0.5 . It has been declared as problematic . This issue affects some unknown processing. Executing a manipulation can lead to improper check for unusual conditions. This vulnerability is tracked as CVE-2026-39395 . The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.