Listen to this Post
The core of this vulnerability lies in the `DelegatedRole._is_target_in_pathpattern` method, which is responsible for authorizing a target path against a delegation’s glob pattern. Internally, this method uses Python’s `fnmatch.fnmatch` to perform the comparison. The security flaw emerges because `fnmatch.fnmatch` normalizes both the target path and the pattern using `os.path.normcase()` before matching. On Windows, `normcase` converts characters to lowercase and changes forward slashes `/` to backslashes \, creating a case-insensitive comparison. In contrast, on Linux and macOS, `normcase` is an identity function, preserving the original case for a case-sensitive match.
This results in a critical inconsistency: a Windows client will treat path patterns case-insensitively, while a Linux or macOS client will treat them case-sensitively. For a TUF repository, this violates the specification because the authorization decision for a target file becomes dependent on the client’s operating system, not the repository’s defined rules.
An attacker can exploit this by carefully crafting a repository with two path-based delegations whose patterns differ only in case, for example, `Foo/` and foo/. The attacker ensures their malicious role is listed before the legitimate one in the delegation order. When a Windows client requests a target like foo/something, the `fnmatch.fnmatch` call normalizes the case to lowercase, causing the earlier attacker’s pattern `Foo/` to match. Consequently, the client authorizes the attacker’s role and downloads a malicious target instead of the intended legitimate one. This bypasses the TUF security model on Windows platforms, enabling unauthorized target replacement.
DailyCVE Form:
Platform: Python TUF
Version: <= 4.0.0
Vulnerability : Case-Insensitive Bypass
Severity: Medium
date: 2026-05-18
Prediction: 2026-05-28
Analytics under heading What Undercode Say:
Check if a target would be authorized on Windows This simulates the vulnerable fnmatch behavior python -c "import os, fnmatch; pattern='Foo/'; target='foo/something'; print(fnmatch.fnmatch(target, pattern))"
Vulnerable code path in tuf/api/_payload.py if not fnmatch.fnmatch(target, pattern): return False
Exploit:
- Control a delegated role in a TUF repository.
- Create a collision pattern (e.g.,
Foo/) that is case-insensitively identical to a legitimate pattern (foo/). - Position the attacker’s role before the legitimate role in the delegation order.
- Wait for a Windows client to request a path that matches the legitimate pattern (e.g.,
foo/something). - The client’s authorization logic will match the attacker’s pattern and grant access to the attacker’s role.
Protection:
- Upgrade to a patched version of python-tuf (commit 7ecb67d or later).
- The fix replaces `fnmatch.fnmatch` with
fnmatch.fnmatchcase, which does not apply case normalization and behaves identically on all platforms. - As a workaround, restrict repository configurations to avoid case-colliding path patterns until an upgrade is performed.
Impact:
- A Windows client can be tricked into downloading a malicious target file from a role it should not trust.
- This breaks the TUF specification’s security guarantees for path-based delegations on Windows, potentially leading to arbitrary code execution if the malicious target is executed.
- Linux and macOS clients are unaffected by this specific vulnerability.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]

