diff --git a/Library/Homebrew/attestation.rb b/Library/Homebrew/attestation.rb index 853643465fa30..9f359ece4a207 100644 --- a/Library/Homebrew/attestation.rb +++ b/Library/Homebrew/attestation.rb @@ -62,6 +62,9 @@ def self.enabled? return false if ENV.fetch("CI", false) return false if OS.unsupported_configuration? + gh_version = Formula["gh"].any_installed_version + return false if gh_version.nil? || gh_version < "2.49" + # Always check credentials last to avoid unnecessary credential extraction. (Homebrew::EnvConfig.developer? || Homebrew::EnvConfig.devcmdrun?) && GitHub::API.credentials.present? end @@ -78,7 +81,7 @@ def self.gh_executable # to prevent a cycle during bootstrapping. This can eventually be resolved # by vendoring a pure-Ruby Sigstore verifier client. with_env(HOMEBREW_NO_VERIFY_ATTESTATIONS: "1") do - @gh_executable = ensure_executable!("gh", reason: "verifying attestations", latest: true) + @gh_executable = ensure_formula_installed!("gh", reason: "verifying attestations", latest: true).opt_bin/"gh" end T.must(@gh_executable) diff --git a/Library/Homebrew/test/attestation_spec.rb b/Library/Homebrew/test/attestation_spec.rb index 7a7f32662ad64..40a8d43b1ff05 100644 --- a/Library/Homebrew/test/attestation_spec.rb +++ b/Library/Homebrew/test/attestation_spec.rb @@ -4,6 +4,7 @@ RSpec.describe Homebrew::Attestation do let(:fake_gh) { Pathname.new("/extremely/fake/gh") } + let(:fake_gh_formula) { instance_double(Formula, opt_bin: Pathname.new("/extremely/fake")) } let(:fake_old_gh) { Pathname.new("/extremely/fake/old/gh") } let(:fake_gh_creds) { "fake-gh-api-token" } let(:fake_error_status) { instance_double(Process::Status, exitstatus: 1, termsig: nil) } 
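Review bot: The new version gate in `enabled?` fails open without a trace: when `gh` is not installed or is older than 2.49, verification is switched off and nothing tells the user that attestations were skipped. Log the reason before returning, for example `odebug "Skipping attestation verification: gh >= 2.49 is not installed"`, and give the literal a name with a comment saying why 2.49 is the floor (presumably the first release that ships `gh attestation`). The gate also means this implicit path never reaches the `ensure_formula_installed!(..., latest: true)` call in `gh_executable` on a machine without a recent `gh`, so such machines stay unverified indefinitely; worth confirming that is intended. `enabled?` starts outside the hunk, so any earlier explicit opt-in or opt-out guards are not visible here.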
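Review bot: The change in `gh_executable` from resolving an executable by name to taking `opt_bin/"gh"` from the installed formula is undocumented, and it is the security-relevant part of this hunk: the verifier binary is now the Homebrew-managed one rather than whatever the old helper would have found. A comment above the assignment would keep it from being reverted, e.g. `# Resolve gh from the formula's opt_bin so verification never runs an arbitrary gh found elsewhere.` Nothing in the hunk checks that the resulting path exists or is executable. `T.must` only rules out nil, so a missing link would presumably show up later as a command failure rather than a clear error. The method starts and ends outside the hunk.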
@@ -66,12 +67,12 @@ end describe "::gh_executable" do - it "calls ensure_executable" do - expect(described_class).to receive(:ensure_executable!) + it "calls ensure_formula_installed" do + expect(described_class).to receive(:ensure_formula_installed!) .with("gh", reason: "verifying attestations", latest: true) - .and_return(fake_gh) + .and_return(fake_gh_formula) - described_class.gh_executable + described_class.gh_executable == fake_gh end end
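Review bot: The last statement of the example, `described_class.gh_executable == fake_gh`, evaluates a comparison and throws the result away, so the spec passes even if the method returns the wrong path. Turn it into an expectation: `expect(described_class.gh_executable).to eq(fake_gh)`. None of the visible spec hunks cover the new `gh` version gate in `enabled?` (gh missing, gh older than 2.49), which is the branch that decides whether verification runs at all; examples for both cases would be worth adding.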