CVE-2026-23831

ADVISORY - github

Summary

Rekor’s cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message. validate() returns nil (success) when message is empty, leaving sign1Msg uninitialized, and Canonicalize() later dereferences v.sign1Msg.Payload.

Impact

A malformed proposed entry of the cose/v0.0.1 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal.

Patches

Upgrade to v1.5.0

Workarounds

None

EPSS Score⁠: 0.00044 (0.131)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

26 days ago

UPDATED

15 days ago

ADVISORY IDCVE-2026-23831⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-476⁠

CVSS SCORE

5.3medium

GitHub

CREATED

26 days ago

UPDATED

25 days ago

ADVISORY IDGHSA-273p-m2cw-6833⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-476⁠

CVSS SCORE

5.3medium

Alpine

CREATED

25 days ago

UPDATED

12 days ago

ADVISORY IDCVE-2026-23831⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

25 days ago

UPDATED

5 days ago

ADVISORY IDCVE-2026-23831⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

25 days ago

UPDATED

25 days ago

ADVISORY IDCVE-2026-23831⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

GoLang

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY IDGO-2026-4354⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Red Hat

CREATED

26 days ago

UPDATED

25 days ago

ADVISORY IDCVE-2026-23831⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-476⁠

CVSS SCORE

5.3medium

Chainguard

CREATED

7 days ago

UPDATED

7 days ago

ADVISORY ID

CGA-28f7-f37x-xfxj

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

16 days ago

UPDATED

16 days ago

ADVISORY ID

MINI-299f-xvhq-vgpp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

MINI-4885-c5jf-xj4f

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

14 days ago

UPDATED

14 days ago

ADVISORY ID

MINI-4j5w-fcr3-8mr5

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY ID

MINI-567h-vvvr-5h8w

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

16 days ago

UPDATED

16 days ago

ADVISORY ID

MINI-6qw9-5vr8-r8hm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

25 days ago

UPDATED

25 days ago

ADVISORY ID

MINI-8746-q95f-f4mx

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY ID

MINI-8958-pjf7-j627

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

7 days ago

UPDATED

7 days ago

ADVISORY ID

MINI-977x-x2mx-723m

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

25 days ago

UPDATED

25 days ago

ADVISORY ID

MINI-9pqh-jpjq-f2q6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY ID

MINI-9rqp-vr67-3rjg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

7 days ago

UPDATED

7 days ago

ADVISORY ID

MINI-fpqp-xp5m-5r2f

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

17 days ago

UPDATED

17 days ago

ADVISORY ID

MINI-g468-8ccw-qh6c

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY ID

MINI-g6hc-gv44-mg2w

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

7 days ago

UPDATED

7 days ago

ADVISORY ID

MINI-gv3r-9x35-9cg2

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY ID

MINI-jcj6-rjr9-qcwp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY ID

MINI-jcqm-24rp-crgc

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

24 days ago

UPDATED

24 days ago

ADVISORY ID

MINI-jf74-3q4p-r2c6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

24 days ago

UPDATED

24 days ago

ADVISORY ID

MINI-mg34-4hm2-678p

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY ID

MINI-v42g-4496-3fcq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

17 days ago

UPDATED

17 days ago

ADVISORY ID

MINI-v526-5957-gccm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY ID

MINI-xfqv-3mq2-ppv4

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

CVE-2026-23831

Summary

Summary

Impact

Patches

Workarounds

Common Weakness Enumeration (CWE)

CWE-476⁠

CWE-476⁠

CWE-476⁠

Advisories

NIST

CVSS SCORE

GitHub

CVSS SCORE

Alpine

Debian

Ubuntu

CVSS SCORE

GoLang

Red Hat

CVSS SCORE

Chainguard

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos

minimos