CVE-2026-1584

High

Published: 09 April 2026

Published

09 April 2026

Modified

03 May 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0010 27.3th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-1584 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Gnu Gnutls. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 27.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Timely remediation of flaws in GnuTLS directly eliminates the NULL pointer dereference vulnerability exploited by malformed ClientHello messages.

SC-5 Denial-of-service Protection good match

prevent

Denial-of-service protection mechanisms, such as rate limiting TLS handshakes, mitigate remote crashes from specially crafted ClientHello packets.

SI-10 Information Input Validation partial match

prevent

Information input validation on TLS ClientHello messages, including PSK binder values, addresses malformed inputs that trigger the NULL pointer dereference.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

NULL pointer dereference in GnuTLS TLS handshake enables remote unauthenticated crash/DoS via crafted ClientHello, matching application exploitation for endpoint denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer…

dereference, causing the server to crash and resulting in a remote Denial of Service (DoS) condition.

Deeper analysisAI

CVE-2026-1584 is a vulnerability in the GnuTLS cryptographic library, stemming from a NULL pointer dereference triggered by a specially crafted ClientHello message containing an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This flaw affects GnuTLS implementations, particularly servers using the library for TLS termination, and was published on 2026-04-09. It is classified under CWE-476 (NULL Pointer Dereference) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A remote, unauthenticated attacker can exploit this vulnerability by sending the malformed ClientHello over the network, requiring low complexity and no user interaction or privileges. Successful exploitation causes the server to crash, resulting in a denial-of-service (DoS) condition with high availability impact but no confidentiality or integrity effects.

Red Hat has issued a security advisory detailing the issue at https://access.redhat.com/security/cve/CVE-2026-1584, along with a Bugzilla tracking entry at https://bugzilla.redhat.com/show_bug.cgi?id=2435258, where practitioners can find information on affected versions, patches, and mitigation steps.