{"slug": "github-commit-verification-logic-flaw-and-bypass", "title": "GitHub commit Verification logic flaw and bypass", "summary": "A security researcher disclosed a design flaw in GitHub's commit verification system that allows attackers to spoof verified commits by exploiting a mismatch between the author and committer fields. GitHub's \"Verified\" badge only checks the committer's GPG key, while the prominently displayed author field remains unverified, enabling impersonation of any user who has not enabled the opt-in \"Vigilant Mode\" defense. The researcher criticized GitHub for dismissing the issue in bug bounty reports and for gating the only mitigation on the potential victim rather than the attacker.", "body_md": "I know Git is not designed to be used in the way GitHub is operating under, and the spoofing has been an old issue that has been brought up throughout the years. With Shai Hulud and AI agents, this time it is a bit more serious, as the commit verification can be spoofed as well if you did not opt in to Vigilant Mode AND have a registered GPG key.\n\nI understand there are limitations to the platform and to Git itself, but design decisions and design flaws are totally different things. With the very frustrating bug bounty report dismissal and the ironic branding of commit verification as a mitigation method by the MSRC, I have waited long enough to post it here.\n\nGitHub clearly has the chance to do verification associated with the platform auth token and the user's registered email, but they chose not to. And adding even more irony, they (GitHub) got hacked while I was waiting for more engagement on this issue; how that ties in with this hack is priceless.\n\nHere's the formalized body:\n\n---------------------------------------------------\n\nGitHub's own documentation establishes a chain of trust assumptions that, followed to their logical conclusion, reveals a verification gap that cannot be audited, cannot be programmatically detected, and is available to any GitHub user with a free account.\n\nThe documented chain:\n\n1. GitHub docs state that commit signature verification lets other people \"be confident that the changes come from a trusted source\": https://docs.github.com/en/authentication/managing-commit-signature-verification\n\n2. Verification checks whether the commit is signed with a GPG/SSH key registered to a GitHub account: https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification\n\n3. Git has two identity fields per commit: author (who wrote the code) and committer (who applied it). Both are set freely via environment variables — GIT_AUTHOR_NAME, GIT_AUTHOR_EMAIL, GIT_COMMITTER_NAME, GIT_COMMITTER_EMAIL: https://git-scm.com/book/en/v2/Git-Internals-Environment-Variables\n\n4. GitHub's UI displays the author prominently. The committer is hidden behind a secondary click. The green \"Verified\" badge sits next to the author's name and avatar.\n\n5. GitHub's verification binds only to the committer's key. The author field is not verified, not validated, and not constrained. The API exposes this directly — author, committer, and verification are separate objects on every commit: https://docs.github.com/en/rest/git/commits\n\nThe logic flaw:\n\nThe badge says \"Verified\" next to the author's name — but it verified the committer's key. These can be two completely different people. GitHub's own API confirms this: a commit can return author=torvalds, committer=, verification.verified=true. The UI shows Linus Torvalds with a green checkmark. The signing key is mine.\n\nThis is not a bug in the crypto. The GPG signature is valid. The flaw is in what \"Verified\" communicates versus what it actually checks.\n\nGitHub knows about this — and gated the defense behind the victim:\n\nGitHub actually has a \"Partially verified\" badge state. It triggers when author ≠ committer and the author has enabled vigilant mode: https://docs.github.com/en/authentication/managing-commit-signature-verification/displaying-verification-statuses-for-all-of-your-commits\n\nThis means GitHub is aware that author-committer mismatch is a trust problem. But the defense is opt-in, off by default, and gated on the impersonated user's account settings — not the attacker's. The attacker controls whether the defense fires by choosing victims who haven't enabled vigilant mode. Linus Torvalds hasn't. Neither have most GitHub users.\n\nComments URL: [https://news.ycombinator.com/item?id=48274410](https://news.ycombinator.com/item?id=48274410)\n\nPoints: 1\n\n# Comments: 0", "url": "https://wpnews.pro/news/github-commit-verification-logic-flaw-and-bypass", "canonical_source": "https://news.ycombinator.com/item?id=48274410", "published_at": "2026-05-26 02:47:32+00:00", "updated_at": "2026-05-26 03:07:26.598794+00:00", "lang": "en", "topics": ["ai-agents", "ai-safety", "ai-policy"], "entities": ["GitHub", "Shai Hulud", "MSRC"], "alternates": {"html": "https://wpnews.pro/news/github-commit-verification-logic-flaw-and-bypass", "markdown": "https://wpnews.pro/news/github-commit-verification-logic-flaw-and-bypass.md", "text": "https://wpnews.pro/news/github-commit-verification-logic-flaw-and-bypass.txt", "jsonld": "https://wpnews.pro/news/github-commit-verification-logic-flaw-and-bypass.jsonld"}}