PT-2026-4280 · Rekor · Rekor

1Seal · Published 2026-01-22 · Updated 2026-04-16 · CVE-2026-23831

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: Rekor versions 1.4.3 and below

Description: Rekor’s entry implementation can experience a panic when processing attacker-controlled input during the canonicalization of a proposed entry with an empty spec.message. The validate() function incorrectly returns success when the message is empty, resulting in an uninitialized sign1Msg. Subsequently, the Canonicalize() function attempts to dereference v.sign1Msg.Payload, leading to a nil pointer dereference. A malformed proposed entry of the cose/v0.0.1 type can trigger this panic within the Rekor process. The service recovers from the panic, returning a 500 error to the client, minimizing the impact on availability.

Recommendations: Upgrade to version 1.5.0.
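The following Go program is an added, simplified model of the validate/canonicalize flow the description outlines; it is not Rekor's code, and every name in it (coseEntry, validateLenient, validateStrict, canonicalize, processLenient, processStrict) is assumed for illustration. It places the defective pattern (validation that reports success on an empty message and leaves the parsed-message pointer nil) beside the hardened form (validation that rejects the empty message before canonicalization runs), and shows why a top-level recover turns the defect into a 500 rather than a crash.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical, simplified stand-ins for a parsed COSE Sign1 message and a
// proposed entry; these are not Rekor's real types.
type sign1Message struct {
	Payload []byte
}

type proposedEntry struct {
	Message []byte // models spec.message
}

// coseEntry mirrors the shape of the bug: validation is expected to populate
// sign1Msg, and canonicalization dereferences it without re-checking.
type coseEntry struct {
	spec     proposedEntry
	sign1Msg *sign1Message
}

// validateLenient models the pre-fix behaviour: an empty message is treated as
// "nothing to parse" and validation reports success, leaving sign1Msg nil.
func (v *coseEntry) validateLenient() error {
	if len(v.spec.Message) == 0 {
		return nil // defect: success without initializing v.sign1Msg
	}
	v.sign1Msg = &sign1Message{Payload: v.spec.Message}
	return nil
}

// validateStrict models the hardened behaviour: an empty message is a
// validation error, so the entry never reaches canonicalization.
func (v *coseEntry) validateStrict() error {
	if len(v.spec.Message) == 0 {
		return errors.New("cose entry: spec.message must not be empty")
	}
	v.sign1Msg = &sign1Message{Payload: v.spec.Message}
	return nil
}

// canonicalize dereferences v.sign1Msg.Payload; with a nil sign1Msg this is a
// nil pointer dereference and panics.
func (v *coseEntry) canonicalize() ([]byte, error) {
	return append([]byte("canonical:"), v.sign1Msg.Payload...), nil
}

// processLenient runs the defective flow under a recover, converting the panic
// into an error the way a request handler would map it to a 500 response.
func processLenient(msg []byte) (out []byte, err error) {
	defer func() {
		if r := recover(); r != nil {
			out = nil
			err = fmt.Errorf("internal error (recovered panic): %v", r)
		}
	}()
	e := &coseEntry{spec: proposedEntry{Message: msg}}
	if err := e.validateLenient(); err != nil {
		return nil, err
	}
	return e.canonicalize()
}

// processStrict runs the hardened flow: the empty message is rejected as a
// client error and canonicalize is only called with an initialized sign1Msg.
func processStrict(msg []byte) ([]byte, error) {
	e := &coseEntry{spec: proposedEntry{Message: msg}}
	if err := e.validateStrict(); err != nil {
		return nil, err
	}
	return e.canonicalize()
}

func main() {
	// Constructed inputs: an empty message and a short non-empty one.
	_, err := processLenient(nil)
	fmt.Println("lenient, empty message:", err)
	_, err = processStrict(nil)
	fmt.Println("strict, empty message:", err)
	out, _ := processStrict([]byte("hello"))
	fmt.Println("strict, non-empty message:", string(out))
}
```

The defender-side takeaway is that the validation step, not the canonicalization step, is the right place to reject an empty message: a panic caught by a top-level recover still costs a request and surfaces as a 500, whereas a validation error returns a clean client-side rejection before any pointer is touched.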

Exploit

Fix

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

CLEANSTART-2026-EZ47382
CLEANSTART-2026-GK29346
CLEANSTART-2026-WB12909
CVE-2026-23831
GHSA-273P-M2CW-6833
GO-2026-4354
OPENSUSE-SU-2026:10127-1
SUSE-SU-2026:0403-1

Affected Products

Rekor