CVE-2026-23831
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2026-23831, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-22

Last updated on: 2026-02-02

Assigner: GitHub, Inc.

Description

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate() returns nil (success) when message is empty, leaving sign1Msg uninitialized, and Canonicalize() later dereferences v.sign1Msg.Payload. A malformed proposed entry of the cose/v0.0.1 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This issue has been fixed in version 1.5.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-22
Last Modified
2026-02-02
Generated
2026-07-06
AI Q&A
2026-01-23
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linuxfoundation rekor to 1.5.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs in Rekor versions 1.4.3 and below, where the entry implementation can panic due to attacker-controlled input when processing an entry with an empty spec.message. Specifically, the validate() function returns success when the message is empty, leaving a variable uninitialized. Later, the Canonicalize() function dereferences this uninitialized variable, causing a nil pointer dereference and a panic in the Rekor process thread. This results in a 500 error response to the client, but the service continues running.

Impact Analysis

The vulnerability can cause a panic in a thread within the Rekor process, resulting in a 500 error message being sent to clients. However, the overall service continues to run, so the impact on availability is minimal. There is no impact on confidentiality or integrity.

Mitigation Strategies

Upgrade Rekor to version 1.5.0 or later, as this version contains the fix for the vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23831. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart