diff --git a/cmd/cosign/cli/options/attach.go b/cmd/cosign/cli/options/attach.go
index 1553c834796..a5146f023f8 100644
--- a/cmd/cosign/cli/options/attach.go
+++ b/cmd/cosign/cli/options/attach.go
@@ -17,6 +17,7 @@ package options
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/google/go-containerregistry/pkg/v1/types"
 	"github.com/spf13/cobra"
@@ -69,12 +70,16 @@ func (o *AttachSBOMOptions) AddFlags(cmd *cobra.Command) {
 }
 
 func (o *AttachSBOMOptions) MediaType() (types.MediaType, error) {
+	var looksLikeJSON bool
+	if strings.HasSuffix(o.SBOM, ".json") {
+		looksLikeJSON = true
+	}
 	switch o.SBOMType {
 	case "cyclonedx":
 		if o.SBOMInputFormat != "" && o.SBOMInputFormat != ctypes.XMLInputFormat && o.SBOMInputFormat != ctypes.JSONInputFormat {
 			return "invalid", fmt.Errorf("invalid SBOM input format: %q, expected (json|xml)", o.SBOMInputFormat)
 		}
-		if o.SBOMInputFormat == ctypes.JSONInputFormat {
+		if o.SBOMInputFormat == ctypes.JSONInputFormat || looksLikeJSON {
 			return ctypes.CycloneDXJSONMediaType, nil
 		}
 		return ctypes.CycloneDXXMLMediaType, nil
@@ -83,7 +88,7 @@ func (o *AttachSBOMOptions) MediaType() (types.MediaType, error) {
 		if o.SBOMInputFormat != "" && o.SBOMInputFormat != ctypes.TextInputFormat && o.SBOMInputFormat != ctypes.JSONInputFormat {
 			return "invalid", fmt.Errorf("invalid SBOM input format: %q, expected (json|text)", o.SBOMInputFormat)
 		}
-		if o.SBOMInputFormat == ctypes.JSONInputFormat {
+		if o.SBOMInputFormat == ctypes.JSONInputFormat || looksLikeJSON {
 			return ctypes.SPDXJSONMediaType, nil
 		}
 		return ctypes.SPDXMediaType, nil