CVE-2026-23831
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-02-02
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxfoundation | rekor | up to 1.5.0 (excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Rekor versions 1.4.3 and below, where an entry implementation can panic on attacker-controlled input when processing an entry with an empty spec.message. Specifically, the validate() function returns success when the message is empty, leaving a variable uninitialized. Later, the Canonicalize() function dereferences that uninitialized variable, causing a nil pointer dereference and a panic in a thread of the Rekor process. The client receives a 500 error response, but the service continues running.
How can this vulnerability impact me?
The vulnerability can cause a panic in a thread within the Rekor process, resulting in a 500 error message being sent to clients. However, the overall service continues to run, so the impact on availability is minimal. There is no impact on confidentiality or integrity.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Rekor to version 1.5.0 or later, as this version contains the fix for the vulnerability.
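The validate()/Canonicalize() pattern described above, modelled as an added Go example that is not Rekor's code: the `entry`, `validateVulnerable`, `validateFixed`, `canonicalize` and `process` names are simplified stand-ins, and `process` shows why a recovered panic surfaces as a 500 while the service stays up.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed, simplified model of the pattern in the description; not Rekor's code.
type entry struct {
	message string  // stands in for spec.message
	parsed  *string // filled in by validate only when a message is present
}

// validateVulnerable mirrors the flawed check: an empty message passes
// validation and parsed is left nil.
func validateVulnerable(e *entry) error {
	if e.message == "" {
		return nil
	}
	p := e.message
	e.parsed = &p
	return nil
}

// validateFixed rejects the empty message, so parsed is always set on success.
func validateFixed(e *entry) error {
	if e.message == "" {
		return errors.New("spec.message must not be empty")
	}
	p := e.message
	e.parsed = &p
	return nil
}

// canonicalize dereferences parsed unconditionally, as the description says.
func canonicalize(e *entry) string { return *e.parsed }

// process runs validate then canonicalize and converts a panic into an error,
// which is what lets a request handler answer 500 while the process keeps serving.
func process(e *entry, validate func(*entry) error) (out string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("internal error: %v", r)
		}
	}()
	if err := validate(e); err != nil {
		return "", err
	}
	return canonicalize(e), nil
}
```

With the vulnerable validator an empty message reaches `canonicalize` and panics; with the fixed one it is rejected up front with a client-side validation error.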