Description

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate() returns nil (success) when message is empty, leaving sign1Msg uninitialized, and Canonicalize() later dereferences v.sign1Msg.Payload. A malformed proposed entry of the cose/v0.0.1 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This issue has been fixed in version 1.5.0.

INFO

Published Date :

2026-01-22T21:26:22.183Z

Last Modified :

2026-01-23T14:32:43.078Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23831 vulnerability.

Vendors Products
Linuxfoundation
  • Rekor
Sigstore
  • Rekor
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23831.

URL Resource
https://github.com/sigstore/rekor/commit/39bae3d192bce48ef4ef2cbd1788fb5770fee8cd cve-icon cve-icon cve-icon
https://github.com/sigstore/rekor/releases/tag/v1.5.0 cve-icon cve-icon cve-icon
https://github.com/sigstore/rekor/security/advisories/GHSA-273p-m2cw-6833 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23831 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23831 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact