@renovate renovate bot commented Jan 16, 2026

This PR contains the following updates:

Package Change
github.com/sigstore/fulcio v1.8.1 -> v1.8.5

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2026-22772

Security Disclosure: SSRF via MetaIssuer Regex Bypass

Summary

Fulcio's metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services.

Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through Blind SSRF.

Impact

  • SSRF to cloud metadata (169.254.169.254)
  • SSRF to internal Kubernetes APIs
  • SSRF to any service accessible from Fulcio's network
  • Affects ALL deployments using MetaIssuers

Patches

Upgrade to v1.8.5.

Workarounds

None. If anchors are included in the meta issuer configuration URL, they will be escaped before the regular expression is compiled, not making this a sufficient mitigation. Deployments must upgrade to the latest Fulcio release v1.8.5.

Affected Code

File: pkg/config/config.go
Function: metaRegex() (lines 143-156)

```go
package config

import ("regexp"; "strings")

// metaRegex turns a MetaIssuer URL pattern into a regexp; "*" becomes a
// character class. This is the vulnerable pre-v1.8.5 version quoted above.
func metaRegex(issuer string) (*regexp.Regexp, error) {
    quoted := regexp.QuoteMeta(issuer)
    replaced := strings.ReplaceAll(quoted, regexp.QuoteMeta("*"), "[-_a-zA-Z0-9]+")
    return regexp.Compile(replaced) // Missing ^ and $ anchors
}
```

The Bug

The regex has no ^ (start) or $ (end) anchors. Go's regexp.MatchString() does substring matching, so:

Pattern:  https://oidc.eks.*.amazonaws.com/id/*
Regex:    https://oidc\.eks\.[-_a-zA-Z0-9]+\.amazonaws\.com/id/[-_a-zA-Z0-9]+

Input:    https://attacker.com/x/https://oidc.eks.foo.amazonaws.com/id/bar
Result:   MATCHES (substring found)

Exploit

  1. Attacker sends JWT with iss claim: https://attacker.com/path/https://oidc.eks.x.amazonaws.com/id/y
  2. Fulcio's GetIssuer() matches this against MetaIssuer patterns
  3. Unanchored regex matches the embedded pattern as substring
  4. Fulcio calls oidc.NewProvider() with attacker's URL
  5. HTTP request goes to attacker.com, not amazonaws.com
  6. Attacker returns OIDC discovery with jwks_uri pointing to internal service
  7. Fulcio fetches from internal service → SSRF
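As an added example (not Fulcio's code and not its upstream patch), the Go program below compiles the advisory's pattern both the way the vulnerable metaRegex() did and with ^/$ anchors added in code, then checks the advisory's legitimate and smuggled issuer strings against each; the anchored variant is an assumed fix, and the final check shows why anchors typed into the configuration URL are escaped and therefore not a workaround.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// metaRegexUnanchored mirrors the pre-v1.8.5 behaviour described in the
// advisory: the pattern is quoted, "*" becomes a hostname-ish character
// class, and no ^/$ anchors are added.
func metaRegexUnanchored(issuer string) (*regexp.Regexp, error) {
	quoted := regexp.QuoteMeta(issuer)
	replaced := strings.ReplaceAll(quoted, regexp.QuoteMeta("*"), "[-_a-zA-Z0-9]+")
	return regexp.Compile(replaced)
}

// metaRegexAnchored is the hardened variant used in this example (an
// assumption, not a copy of the upstream patch): the compiled pattern is
// wrapped in ^...$ so the whole issuer string must match.
func metaRegexAnchored(issuer string) (*regexp.Regexp, error) {
	quoted := regexp.QuoteMeta(issuer)
	replaced := strings.ReplaceAll(quoted, regexp.QuoteMeta("*"), "[-_a-zA-Z0-9]+")
	return regexp.Compile("^" + replaced + "$")
}

// Matches reports whether iss is accepted by the MetaIssuer pattern under
// the given compile function. A compile error is treated as "no match".
func Matches(compile func(string) (*regexp.Regexp, error), pattern, iss string) bool {
	re, err := compile(pattern)
	if err != nil {
		return false
	}
	return re.MatchString(iss)
}

func main() {
	pattern := "https://oidc.eks.*.amazonaws.com/id/*"
	legit := "https://oidc.eks.foo.amazonaws.com/id/bar"
	// Issuer claim from the advisory: the real pattern embedded as a substring.
	smuggled := "https://attacker.com/x/https://oidc.eks.foo.amazonaws.com/id/bar"
	fmt.Println("unanchored legit:   ", Matches(metaRegexUnanchored, pattern, legit))
	fmt.Println("unanchored smuggled:", Matches(metaRegexUnanchored, pattern, smuggled))
	fmt.Println("anchored legit:     ", Matches(metaRegexAnchored, pattern, legit))
	fmt.Println("anchored smuggled:  ", Matches(metaRegexAnchored, pattern, smuggled))
	// Anchors written into the config URL are escaped by QuoteMeta, so even
	// the legitimate issuer stops matching: no help against the bypass.
	fmt.Println("config ^...$ legit: ", Matches(metaRegexUnanchored, "^"+pattern+"$", legit))
}
```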

Release Notes

sigstore/fulcio (github.com/sigstore/fulcio)

v1.8.5

Compare Source

Vulnerability Fixes

v1.8.4

Compare Source

Same changelog as v1.8.3, with a few dependency bumps to resolve a breaking API change

v1.8.3

Compare Source

Vulnerability Fixes

Features

  • feat: Add support for skipping email_verified claim requirement per issuer (#2220)
  • add meta-issuer circleci block (#2215)
  • add circleci info to fulcio (#2192)

Testing

v1.8.2

Compare Source

Testing

  • make email address in test cases rfc822 conformant (#2205)

Configuration

📅 Schedule: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

…rity]

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot added the dependencies and security labels Jan 16, 2026
renovate bot commented Jan 16, 2026

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 6 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.24.6 -> 1.25.0
github.com/google/go-containerregistry v0.20.6 -> v0.20.7
github.com/sigstore/sigstore v1.9.6-0.20251111174640-d8ab8afb1326 -> v1.10.3
google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4 -> v0.0.0-20251222181119-0a764e51fe1b
google.golang.org/genproto/googleapis/rpc v0.0.0-20251022142026-3a174f9686a8 -> v0.0.0-20251222181119-0a764e51fe1b
google.golang.org/grpc v1.76.0 -> v1.78.0
google.golang.org/protobuf v1.36.10 -> v1.36.11

@packit-as-a-service
Ephemeral COPR build failed. @containers/packit-build please check.

danishprakash commented Jan 22, 2026

FWIW, it seems neither buildah nor podman is affected by CVE-2026-22772; it's a server-side bug, and neither vendors the offending pieces of code.
