CVE Vulnerabilities

CVE-2026-23831

NULL Pointer Dereference

Published: Jan 22, 2026 | Modified: Jun 17, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
5.3 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate() returns nil (success) when message is empty, leaving sign1Msg uninitialized, and Canonicalize() later dereferences v.sign1Msg.Payload. A malformed proposed entry of the cose/v0.0.1 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This issue has been fixed in version 1.5.0.

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

NameVendorStart VersionEnd Version
RekorLinuxfoundation*1.5.0 (excluding)
Red Hat Openshift Data Foundation 4.22RedHatodf4/cephcsi-rhel9:1782932114*
Red Hat Openshift Data Foundation 4.22RedHatodf4/cephcsi-rhel9-operator:1782931768*
Red Hat Openshift Data Foundation 4.22RedHatodf4/devicefinder-rhel9:1782932104*
Red Hat Openshift Data Foundation 4.22RedHatodf4/mcg-core-rhel9:1783536000*
Red Hat Openshift Data Foundation 4.22RedHatodf4/mcg-rhel9-operator:1783535989*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-client-console-rhel9:1783536515*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-client-rhel9-operator:1782932521*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-metrics-exporter-rhel9:1783018461*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-rhel9-operator:1783018421*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-blackbox-exporter-rhel9:1782932812*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-cli-rhel9:1783537001*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-cloudnative-pg-rhel9-operator:1782932919*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-console-rhel9:1783537586*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-cosi-sidecar-rhel9:1782932969*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-csi-addons-rhel9-operator:1782933015*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-csi-addons-sidecar-rhel9:1782933042*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-drbd-rhel9:1783537392*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-external-snapshotter-rhel9-operator:1782933235*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-external-snapshotter-sidecar-rhel9:1782933251*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-multicluster-console-rhel9:1783537955*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-multicluster-rhel9-operator:1782933417*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-must-gather-rhel9:1783537742*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-rhel9-operator:1782933602*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odr-rhel9-operator:1783019377*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odr-volsync-plugin-mover-rhel9:1782934054*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odr-volsync-plugin-rhel9-operator:1782934036*
Red Hat Openshift Data Foundation 4.22RedHatodf4/rook-ceph-rhel9-operator:1782934284*
RekorUbuntuquesting*

Potential Mitigations

References