diff --git a/.changeset/tough-adults-sing.md b/.changeset/tough-adults-sing.md
new file mode 100644
index 00000000..3f260f34
--- /dev/null
+++ b/.changeset/tough-adults-sing.md
@@ -0,0 +1,5 @@
+---
+"@sigstore/core": patch
+---
+
+Ensure the `isCA` value for the `X509BasicConstraintsExtension` defaults to `false` if no other value is present
diff --git a/packages/core/src/__tests__/x509/ext.test.ts b/packages/core/src/__tests__/x509/ext.test.ts
index 9fa7dbf3..056d526a 100644
--- a/packages/core/src/__tests__/x509/ext.test.ts
+++ b/packages/core/src/__tests__/x509/ext.test.ts
@@ -103,6 +103,21 @@ describe('x509BasicConstraintsExtension', () => {
 expect(subject.isCA).toBe(true);
 });
 });
+
+ describe('when the extension contains no value for the CA', () => {
+ // Extension w/ NO isCA value specified
+ const basicConstraintsExtension = Buffer.from(
+ '300C0603551D130101FF04023000',
+ 'hex'
+ );
+ const subject = new X509BasicConstraintsExtension(
+ ASN1Obj.parseBuffer(basicConstraintsExtension)
+ );
+
+ it('returns false', () => {
+ expect(subject.isCA).toBe(false);
+ });
+ });
 });
 describe('#pathLenConstraint', () => {
diff --git a/packages/core/src/x509/ext.ts b/packages/core/src/x509/ext.ts
index 76a16057..adb9e464 100644
--- a/packages/core/src/x509/ext.ts
+++ b/packages/core/src/x509/ext.ts
@@ -52,7 +52,7 @@ export class X509Extension {
 // https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.9
 export class X509BasicConstraintsExtension extends X509Extension {
 get isCA(): boolean {
- return this.sequence.subs[0].toBoolean();
+ return this.sequence.subs[0]?.toBoolean() ?? false;
 }
 get pathLenConstraint(): bigint | undefined {
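Review bot: In ext.test.ts the new fixture's comment does not say what the hex string encodes, so a reader cannot confirm from the test that it exercises the absent-cA path. A comment such as `// basicConstraints (2.5.29.19), critical, extnValue = empty SEQUENCE (30 00): cA omitted` would make that checkable. The case covers only the empty SEQUENCE; a second fixture whose SEQUENCE holds just an INTEGER pathLenConstraint would pin how `isCA` treats a first element that is not a BOOLEAN. The enclosing describe block starts outside the hunk.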
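Review bot: In packages/core/src/x509/ext.ts, `subs[0]?.toBoolean() ?? false` covers only an empty SEQUENCE; when cA is omitted but pathLenConstraint is present, `subs[0]` is an INTEGER and is still handed to `toBoolean()`, whose tag handling is not visible in this hunk. Since `isCA` presumably gates whether a certificate is accepted as an issuer during chain validation, the getter should return `false` unless the first element is actually a BOOLEAN instead of depending on that helper's behaviour. A comment like `// cA is BOOLEAN DEFAULT FALSE (RFC 5280 4.2.1.9); DER omits defaults, so absence means not a CA` would record why the fallback fails closed. The `pathLenConstraint` getter's body is outside the hunk and may make the same positional assumption about `subs`.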