CVE-2026-23831
Rekor (software supply chain transparency log) versions 1.4.3 and earlier are affected by a vulnerability where an empty spec.message can cause a nil pointer dereference during entry canonicalization, as validate() may return nil for empty message and Canonicalize() dereferences sign1Msg.Payload....