CVE-2026-47192: kas's late signature validation may allow unnoticed repository manipulations
Before the fix, kas checks out repositories and processes their configuration includes prior to validating the signatures of those repositories. Under very specific conditions, this may allow an original repository to be replaced with one under the control of an attacker.
First of all, the attacker must have gained control of a repository that a kas file of the victim is referencing. Furthermore, the following conditions must be fulfilled:
- the victim’s kas configuration must include a configuration file from the attacked repository
- the repository state is referenced by tag, and no commit ID is specified (kas emits a warning in this case, though)
- the key used for validating the tag or commit signature is stored as a file in a repository
- no fingerprint for the key is specified
- the _source_dir key must not be set by the victim when calling kas (e.g. by avoiding a local.config.yaml)
Given these conditions, the attacker could modify the included kas configuration in such a way that the key used to validate the tag signature of the attacker's repository is replaced by an attacker-chosen key.
No other exploit possibilities have been identified so far, but this does not rule out that those may exist.
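As an added, defender-side example (not code from the advisory or from the kas project), the following Python audit flags a kas configuration that meets all of the preconditions listed above, so that affected setups can be found before upgrading and hardened by pinning a commit and a key fingerprint. It assumes the configuration has already been parsed into a dict in the kas YAML layout (header.includes entries with repo/file, repos.<id> with tag/commit/allowed_signers, and a top-level signers map whose entries carry repo, path and fingerprint); the signers and allowed_signers field names are assumed from the kas signature-verification schema and should be checked against the kas version in use. Both sample configurations, the commit id and the fingerprint are constructed placeholders.

```python
"""Audit a parsed kas configuration for the CVE-2026-47192 preconditions.

Added example, not kas project code. Field names follow the kas YAML layout
as assumed here: header.includes[] entries with `repo`/`file`, repos.<id>
with `tag`/`commit`/`allowed_signers`, and a top-level `signers` map whose
entries may carry `repo`, `path` and `fingerprint`.
"""

# Constructed sample: a config that satisfies every precondition from the
# advisory. It is not taken from any real project.
WEAK_CONFIG = {
    "header": {
        "version": 19,
        "includes": [
            "local-overrides.yml",                            # local file include
            {"repo": "meta-vendor", "file": "kas/vendor.yml"},  # include from a repo
        ],
    },
    "repos": {
        "meta-vendor": {
            "url": "https://example.invalid/meta-vendor.git",
            "tag": "v1.0",          # tag only, no commit pin
            "signed": True,
            "allowed_signers": ["vendor-key"],
        },
    },
    "signers": {
        "vendor-key": {
            "type": "gpg",
            "repo": "meta-vendor",  # key file is fetched from a repository
            "path": "keys/vendor.asc",
            # no fingerprint: whatever the file contains is trusted
        },
    },
}

# Same layout with the two cheapest mitigations applied: pin the commit and
# pin the key fingerprint. Both values are constructed placeholders.
HARDENED_CONFIG = {
    "header": WEAK_CONFIG["header"],
    "repos": {
        "meta-vendor": {
            **WEAK_CONFIG["repos"]["meta-vendor"],
            "commit": "0123456789abcdef0123456789abcdef01234567",
        },
    },
    "signers": {
        "vendor-key": {
            **WEAK_CONFIG["signers"]["vendor-key"],
            "fingerprint": "0000 1111 2222 3333 4444  5555 6666 7777 8888 9999",
        },
    },
}


def included_repos(cfg):
    """Return the ids of repositories that contribute configuration includes."""
    includes = cfg.get("header", {}).get("includes", [])
    # String entries are local files; only dict entries name a repository.
    return {inc["repo"] for inc in includes if isinstance(inc, dict) and "repo" in inc}


def audit(cfg, source_dir_set=False):
    """Return one finding per included repo that meets all preconditions.

    source_dir_set mirrors the advisory's last condition: when the caller
    sets _source_dir, the precondition is not met and nothing is reported.
    """
    if source_dir_set:
        return []
    findings = []
    repos = cfg.get("repos", {})
    signers = cfg.get("signers", {})
    for repo_id in sorted(included_repos(cfg)):
        repo = repos.get(repo_id, {})
        # Condition: state referenced by tag with no commit id.
        if "tag" not in repo or repo.get("commit"):
            continue
        for signer_id in repo.get("allowed_signers", []):
            signer = signers.get(signer_id, {})
            # Condition: key is a file in a repository and no fingerprint pins it.
            if signer.get("repo") and not signer.get("fingerprint"):
                findings.append(
                    f"{repo_id}: included config, tag '{repo['tag']}' without commit, "
                    f"signer '{signer_id}' loaded from repo '{signer['repo']}' "
                    f"without fingerprint"
                )
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg) or "no findings")
```

Either mitigation alone clears the finding, since the advisory requires all conditions to hold at once; pinning both the commit and the fingerprint is the conservative choice for configurations that cannot be upgraded immediately.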
References
- github.com/advisories/GHSA-4vqc-wpwg-vh7j
- github.com/siemens/kas/commit/4cb4a3d01122ffaec9feaae768a5814092f6f9b5
- github.com/siemens/kas/commit/5b2114becfc154b16ef496d24f8c2191a2297f57
- github.com/siemens/kas/security/advisories/GHSA-4vqc-wpwg-vh7j
- github.com/siemens/kas/security/advisories/GHSA-qjwp-hrq6-r26r
- nvd.nist.gov/vuln/detail/CVE-2026-47192