TROYANOSYVIRUS
Back to CVEs

CVE-2026-23831

MEDIUM
5.3

Description

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate() returns nil (success) when message is empty, leaving sign1Msg uninitialized, and Canonicalize() later dereferences v.sign1Msg.Payload. A malformed proposed entry of the cose/v0.0.1 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This issue has been fixed in version 1.5.0.

CVE Details

CVSS v3.1 Score5.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published1/22/2026
Last Modified2/2/2026
Sourcenvd
Honeypot Sightings0

Affected Products

linuxfoundation:rekor

Weaknesses (CWE)

CWE-476

References

https://github.com/sigstore/rekor/commit/39bae3d192bce48ef4ef2cbd1788fb5770fee8cd(security-advisories@github.com)
https://github.com/sigstore/rekor/releases/tag/v1.5.0(security-advisories@github.com)
https://github.com/sigstore/rekor/security/advisories/GHSA-273p-m2cw-6833(security-advisories@github.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.