diff --git a/builtin/logical/pki/ocsp.go b/builtin/logical/pki/ocsp.go
index 9ca159c9a..b01f60a38 100644
--- a/builtin/logical/pki/ocsp.go
+++ b/builtin/logical/pki/ocsp.go
@@ -218,7 +218,15 @@ func fetchDerEncodedRequest(request *logical.Request, data *framework.FieldData)
 return base64.StdEncoding.DecodeString(base64Req)
 case logical.UpdateOperation:
 // POST bodies should contain the binary form of the DER request.
+ // NOTE: Writing an empty update request to Vault causes a nil request.HTTPRequest, and that object
+ // says that it is possible for its Body element to be nil as well, so check both just in case.
+ if request.HTTPRequest == nil {
+ return nil, errors.New("no data in request")
+ }
 rawBody := request.HTTPRequest.Body
+ if rawBody == nil {
+ return nil, errors.New("no data in request body")
+ }
 defer rawBody.Close()

 requestBytes, err := io.ReadAll(io.LimitReader(rawBody, maximumRequestSize))
diff --git a/changelog/18184.txt b/changelog/18184.txt
new file mode 100644
index 000000000..153131abe
--- /dev/null
+++ b/changelog/18184.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/pki: Address nil panic when an empty POST request is sent to the OCSP handler
+```
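Review bot: The two nil guards added in the `logical.UpdateOperation` branch of `fetchDerEncodedRequest` have no regression test in this diff, so nothing pins the fix for a panic that a client can trigger with an empty POST. A test that calls the function once with a `logical.Request` whose `HTTPRequest` is nil and once with an `http.Request` whose `Body` is nil, asserting a non-nil error each time, would keep a later refactor from reintroducing the dereference. The comment could also name the failure mode directly, for example `// An empty update request arrives with a nil request.HTTPRequest, and an http.Request may carry a nil Body; guard both before Close and ReadAll.` The function body and its caller lie outside the hunk, so it is worth confirming that the caller answers these errors with a malformed-request OCSP response and not an internal error.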