3 matches found
CVE-2026-23831 Rekor COSE v0.0.1 Canonicalize crashes when passed empty Message
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing a nil pointer dereference. Function validate returns nil success when message is...
Rekor's COSE v0.0.1 entry type nil pointer dereference in Canonicalize via empty Message
Summary: Rekor’s cose v0.0.1 entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message. validate returns nil success when message is empty, leaving sign1Msg uninitialized, and Canonicalize later dereferences v.sign1Msg.Payload. Impa...
Man-In-The-Middle Proof-Of-Concept Via Krontiris' Ephemeral Diffie-Hellman over COSE (EDHOC) in C
This report presents some technical details on the authentication process of a lightweight key exchange protocol, paying attention to how Man-in-the-Middle (MitM) attacks could undermine its security, e.g., under the scope of lawful interception and its risk to facilitate mass surveillance. We focu...