GHSA-9vp8-3hmv-8fgh: stigmem-node's federation peer registration lacked explicit out-of-band approval
Federation peer registration accepted peer key material during registration without a separate administrator approval step based on an out-of-band fingerprint check. Impacted deployments are nodes that accept federation peer registration across a network where initial registration could be intercepted or misdirected.
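One way to structure the missing approval step, as an added example that is not stigmem-node's own code: registration only records the key as pending, and a separate administrator call promotes it after comparing a fingerprint obtained out of band. `PeerRegistry`, its method names, the SHA-256 fingerprint format and the sample keys are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the raw key bytes as hex, grouped in fours for reading aloud."""
    digest = hashlib.sha256(public_key).hexdigest()
    return ":".join(digest[i:i + 4] for i in range(0, len(digest), 4))


@dataclass
class PeerRegistry:
    """Hypothetical registry: keys received over the network are never trusted directly."""
    pending: dict = field(default_factory=dict)  # peer_id -> key awaiting approval
    trusted: dict = field(default_factory=dict)  # peer_id -> administrator-approved key

    def register(self, peer_id: str, public_key: bytes) -> str:
        """Network-facing step: store the key as pending and return its fingerprint."""
        if peer_id in self.trusted:
            raise PermissionError("peer already approved; a key change needs re-approval")
        self.pending[peer_id] = public_key
        return fingerprint(public_key)

    def approve(self, peer_id: str, oob_fingerprint: str) -> bool:
        """Administrator step: promote the key only if the out-of-band fingerprint matches."""
        key = self.pending.get(peer_id)
        if key is None:
            return False
        supplied = oob_fingerprint.strip().lower().encode()
        if not hmac.compare_digest(fingerprint(key).encode(), supplied):
            return False  # mismatch: the key that arrived is not the one the peer published
        self.trusted[peer_id] = self.pending.pop(peer_id)
        return True

    def is_trusted(self, peer_id: str, public_key: bytes) -> bool:
        """Federation traffic is accepted only for keys that passed approve()."""
        approved = self.trusted.get(peer_id)
        return approved is not None and hmac.compare_digest(approved, public_key)


if __name__ == "__main__":
    # Constructed sample keys: the peer's real key and a different key that arrived instead.
    genuine, other = bytes(range(32)), bytes(reversed(range(32)))
    reg = PeerRegistry()
    reg.register("peer-a", other)
    print("approve mismatched key:", reg.approve("peer-a", fingerprint(genuine)))
    reg.register("peer-a", genuine)
    print("approve matching key:", reg.approve("peer-a", fingerprint(genuine)))
```
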