Git Commit Hash Malleability: Attackers Can Forge Verified Signatures Without Access to Signing Keys
By
[Submitted on 2 Jul 2026]
Summary
This paper demonstrates a critical vulnerability in Git commit signing: an attacker can produce a second, distinct commit with identical tree, metadata, and a valid signature (including a "Verified" badge on GitHub) that differs only in its commit hash, without access to the signing key or breaking SHA2. The authors identify three malleation routes: algebraic inversion for ECDSA, structural insertion of unhashed OpenPGP subpackets for RSA/EdDSA, and non-canonical DER length re-encoding for S/MIME. They discuss consequences for hash-based commit blocking, dependency pinning (Nixpkgs, Go modules, GitHub Actions), and reproducible-build systems that treat commit hashes as content-addressable primary keys.
Source
Key quotes
· 5 pulledWe show this invariant does not hold.
Given any signed commit, an attacker without access to the signing key, and without breaking SHA2 can produce a second, distinct commit with an identical tree, identical metadata, a valid signature, and a ``Verified'' badge from a Git Forge such as Github, differing only in its commit hash.
The malleability in signed Git hashes is feasible due to the inherent malleability present in many of the data representations that make up a commit.
Algebraic inversion for ECDSA signatures and subpacket insertion were found to pass local verification (git verify-commit), and all three methods yield a persistent, independent ``Verified'' record on Github.
We discuss the consequences of Git hash chain malleation for hash-based commit blocking, dependency pinning (Nixpkgs, Go modules, Github Actions), and reproducible-build systems that treat the commit hash as a content-addressable primary key.
You might also wanna read
GitHub Implements Post-Quantum Secure SSH Key Exchange for Enhanced Git Data Protection
GitHub is introducing post-quantum secure SSH key exchange algorithms (sntrup761x25519-sha512) to enhance security for Git data access. This
Exploring post-quantum signature design for Ethereum asset protection
This article explores the design space for post-quantum transaction signatures on Ethereum, focusing on protecting user assets at the execut
Study finds 5,673 compromised Android signing keys on GitHub affecting over 10 billion users
This paper presents a longitudinal study on Android app signing key protection, revealing systemic risks from developer-managed credentials.
The case for GitHub Actions security after recent supply chain attacks
Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data
Analysis of equivocation attacks in Ethereum's mev-boost and ePBS systems
This article analyzes "equivocation attacks" in the context of mev-boost and ePBS (execution payload building separation) within Ethereum's
ethresear.ch·17d ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.