CVE-2026-23831

ADVISORY - github

Summary

Rekor’s cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message. validate() returns nil (success) when message is empty, leaving sign1Msg uninitialized, and Canonicalize() later dereferences v.sign1Msg.Payload.

Impact

A malformed proposed entry of the cose/v0.0.1 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal.

Patches

Upgrade to v1.5.0

Workarounds

None

EPSS Score⁠: 0.00032 (0.087)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

5 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-23831⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-476⁠

CVSS SCORE

5.3medium

GitHub

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY IDGHSA-273p-m2cw-6833⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-476⁠

CVSS SCORE

5.3medium

Alpine

CREATED

5 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-23831⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

5 days ago

UPDATED

4 days ago

ADVISORY IDCVE-2026-23831⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY IDCVE-2026-23831⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY IDCVE-2026-23831⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-476⁠

CVSS SCORE

5.3medium

Chainguard

CREATED

11 hours ago

UPDATED

11 hours ago

ADVISORY ID

CGA-28f7-f37x-xfxj

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY ID

MINI-8746-q95f-f4mx

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY ID

MINI-9pqh-jpjq-f2q6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 days ago

UPDATED

4 days ago

ADVISORY ID

MINI-jf74-3q4p-r2c6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

4 days ago

UPDATED

4 days ago

ADVISORY ID

MINI-mg34-4hm2-678p

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

CVE-2026-23831

Summary

Summary

Impact

Patches

Workarounds

Common Weakness Enumeration (CWE)

CWE-476⁠

CWE-476⁠

CWE-476⁠

Advisories

NIST

CVSS SCORE

GitHub

CVSS SCORE

Alpine

Debian

Ubuntu

CVSS SCORE

Red Hat

CVSS SCORE

Chainguard

minimos

minimos

minimos

minimos