{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T01:43:56.964","vulnerabilities":[{"cve":{"id":"CVE-2026-22772","sourceIdentifier":"security-advisories@github.com","published":"2026-01-12T21:15:59.457","lastModified":"2026-03-05T13:48:17.443","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through Blind SSRF. This vulnerability is fixed in 1.8.5."},{"lang":"es","value":"Fulcio es una autoridad de certificación para emitir certificados de firma de código para una identidad de OpenID Connect (OIDC). Antes de la versión 1.8.5, la función metaRegex() de Fulcio utiliza expresiones regulares no ancladas, permitiendo a los atacantes eludir la validación de URL de MetaIssuer y desencadenar SSRF a servicios internos arbitrarios. Dado que el SSRF solo puede desencadenar solicitudes GET, la solicitud no puede mutar el estado. La respuesta de la solicitud GET no se devuelve al llamador, por lo que la exfiltración de datos no es posible. Un actor malicioso podría intentar sondear una red interna a través de SSRF ciego. Esta vulnerabilidad está corregida en la versión 1.8.5."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:fulcio:*:*:*:*:*:*:*:*","versionEndExcluding":"1.8.5","matchCriteriaId":"6D57DF83-B994-4FA6-B628-24987601A329"}]}]}],"references":[{"url":"https://github.com/sigstore/fulcio/commit/eaae2f2be56df9dea5f9b439ec81bedae4c0978d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/sigstore/fulcio/security/advisories/GHSA-59jp-pj84-45mr","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}