PT-2026-46879 · Kas · Kas

Published: 2026-06-01 · Updated: 2026-06-04 · CVE-2026-47192

CVSS v4.0: 2.1 (Low)
Vector: AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: kas versions prior to 5.3
Description: The software processes repository configuration includes before validating the signatures of those repositories. Under specific conditions, an attacker who controls a referenced repository can substitute a repository of their own for the original. This occurs when the victim's configuration includes a file from the attacked repository, the repository state is referenced by a tag without a commit ID, the validation key is stored as a file in a repository without a specified fingerprint, and the source dir variable is not set. In this scenario, the attacker can modify the included configuration to replace the tag signature validation key with a key of their choosing.
Recommendations: Update to version 5.3. Pin the expected signature key via its fingerprint when storing it as a file in a repository.
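As an added illustration that is not part of this advisory or of the kas project, the two kas configuration fragments below contrast the affected layout with the recommended one. The key names (`signers`, `signed`, `allowed_signers`, `fingerprint`, `commit`) are assumed to follow kas's signer schema; the repository name, URL, tag, header version, commit ID and fingerprint are constructed placeholders.

```yaml
# Affected layout (added illustration; kas key names assumed, all values are
# placeholders). The included file and the signer key both come from the
# repository whose tag is being verified, the tag has no commit ID, and no
# fingerprint pins the key. Because kas processes the include before it
# verifies the tag, a swapped repository can ship a different key together
# with a config change that points the signer at that key.
header:
  version: 14            # assumed header version; use the one your kas expects
  includes:
    - repo: meta-vendor
      file: kas/vendor.yml   # included file lives in the repository being verified

repos:
  meta-vendor:
    url: https://example.invalid/meta-vendor.git
    tag: v1.2.0          # no commit ID: the tag can be re-pointed
    signed: true
    allowed_signers:
      - vendor

signers:
  vendor:
    repo: meta-vendor
    path: keys/vendor.asc  # key file read from that same checkout
    # no fingerprint: whatever key the checkout contains is accepted

---
# Recommended layout: pin the tag to a commit ID and pin the key by its
# fingerprint (both placeholders) so that neither a re-pointed tag nor a
# swapped key file is accepted. Updating to kas 5.3 remains the primary fix.
header:
  version: 14
  includes:
    - repo: meta-vendor
      file: kas/vendor.yml

repos:
  meta-vendor:
    url: https://example.invalid/meta-vendor.git
    tag: v1.2.0
    commit: 0123456789abcdef0123456789abcdef01234567   # placeholder commit ID
    signed: true
    allowed_signers:
      - vendor

signers:
  vendor:
    repo: meta-vendor
    path: keys/vendor.asc
    fingerprint: "0000000000000000000000000000000000000000"   # placeholder
```

The `---` line only separates the two fragments for reading; each is meant as a stand-alone kas configuration.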

Fix

Weakness Enumeration: Improper Verification of Cryptographic Signature

Related Identifiers: CVE-2026-47192, GHSA-4VQC-WPWG-VH7J

Affected Products: Kas