Cyber Resilience

CVE-2026-1584

High

Published: 09 April 2026

Published
09 April 2026
Modified
03 May 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0011 28.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-1584 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Gnu Gnutls. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 28.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-1584 is a vulnerability in the GnuTLS cryptographic library, stemming from a NULL pointer dereference triggered by a specially crafted ClientHello message containing an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This flaw affects GnuTLS implementations, particularly servers using the library for TLS termination, and was published on 2026-04-09. It is classified under CWE-476 (NULL Pointer Dereference) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A remote, unauthenticated attacker can exploit this vulnerability by sending the malformed ClientHello over the network, requiring low complexity and no user interaction or privileges. Successful exploitation causes the server to crash, resulting in a denial-of-service (DoS) condition with high availability impact but no confidentiality or integrity effects.

Red Hat has issued a security advisory detailing the issue at https://access.redhat.com/security/cve/CVE-2026-1584, along with a Bugzilla tracking entry at https://bugzilla.redhat.com/show_bug.cgi?id=2435258, where practitioners can find information on affected versions, patches, and mitigation steps.

EU & UK References

Vulnerability details

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer…

more

dereference, causing the server to crash and resulting in a remote Denial of Service (DoS) condition.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

NULL pointer dereference in GnuTLS TLS handshake enables remote unauthenticated crash/DoS via crafted ClientHello, matching application exploitation for endpoint denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-32990Same product: Gnu Gnutls
CVE-2025-69649Same vendor: Gnu
CVE-2026-42010Same product: Gnu Gnutls
CVE-2026-40413Shared CWE-476
CVE-2025-57155Shared CWE-476
CVE-2026-28390Shared CWE-476
CVE-2026-23952Shared CWE-476
CVE-2025-57156Shared CWE-476
CVE-2025-63647Shared CWE-476
CVE-2025-69624Shared CWE-476

Affected Assets

gnu
gnutls
all versions
redhat
hardened images
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely remediation of flaws in GnuTLS directly eliminates the NULL pointer dereference vulnerability exploited by malformed ClientHello messages.

prevent

Denial-of-service protection mechanisms, such as rate limiting TLS handshakes, mitigate remote crashes from specially crafted ClientHello packets.

prevent

Information input validation on TLS ClientHello messages, including PSK binder values, addresses malformed inputs that trigger the NULL pointer dereference.

References