Cyber Posture

CVE-2026-24785

Critical

Published: 28 January 2026
Modified: 27 February 2026
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0001 (1.5th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-24785 is a critical-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in Jmlepisto Clatter. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its exploit likelihood ranks at the 1.5th percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Directly mitigates the vulnerability by requiring timely identification, reporting, and patching of Clatter versions prior to 2.2.0 to address the PSK validity rule violation.

prevent: Ensures implementation of approved cryptographic mechanisms for key establishment and derivation, preventing non-compliant post-quantum handshake patterns that allow PSK-derived keys without proper ephemeral randomization.

prevent: Enforces secure baseline configuration settings that prohibit or detect use of affected post-quantum PSK0 handshake patterns as recommended in the workaround.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1557 Adversary-in-the-Middle (Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Remote unauthenticated network exploitation of the handshake flaw maps to T1190; resulting weakened encryption and key reuse directly facilitate MITM attacks on the Noise channel (T1557).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Clatter is a no_std compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versions prior to 2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule (Noise Protocol Framework Section 9.3). This could allow PSK-derived keys to be used for encryption without proper randomization by self-chosen ephemeral randomness, weakening security guarantees and potentially allowing catastrophic key reuse. Affected default patterns include `noise_pqkk_psk0`, `noise_pqkn_psk0`, `noise_pqnk_psk0`, `noise_pqnn_psk0`, and some hybrid variants. Users of these patterns may have been using handshakes that do not meet the intended security properties. The issue is fully patched and released in Clatter v2.2.0. The fixed version includes runtime checks to detect offending handshake patterns. As a workaround, avoid using offending `*_psk0` variants of post-quantum patterns. Review custom handshake patterns carefully.

Deeper analysis

CVE-2026-24785 is a protocol compliance vulnerability in Clatter, a no_std compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versions prior to 2.2.0 allow post-quantum handshake patterns that violate the PSK validity rule specified in Section 9.3 of the Noise Protocol Framework. This permits PSK-derived keys to be used for encryption without proper randomization from self-chosen ephemeral randomness, weakening security guarantees and potentially enabling catastrophic key reuse. Affected default patterns include noise_pqkk_psk0, noise_pqkn_psk0, noise_pqnk_psk0, noise_pqnn_psk0, and some hybrid variants, meaning users of these patterns may have deployed handshakes lacking intended security properties.

The vulnerability carries a CVSS score of 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating remote attackers require no privileges or user interaction and can exploit it over the network with low complexity. Exploitation involves leveraging the non-compliant patterns in affected deployments, compromising confidentiality and integrity through weakened encryption keys or reuse, as classified under CWE-327.

Clatter v2.2.0 fully patches the issue with runtime checks to detect offending handshake patterns. As a workaround, avoid using the affected *_psk0 variants of post-quantum patterns and review custom handshake patterns carefully. Additional details appear in the GitHub security advisory (GHSA-253q-9q78-63x4), the fixing commit (b65ae6e9b8019bed5407771e21f89ddff17c5a71), and the Noise Protocol Framework documentation on the PSK validity rule.
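The PSK validity rule referenced above says a party may not send encrypted data after processing a `psk` token unless it has also sent an `e` token. The following added example (not Clatter's code or its runtime check) applies that rule to token lists; the token strings, the `first_psk_violation` helper, and the `-> psk, e / <- ekem` sequence used to stand in for a post-quantum psk0 pattern are assumptions made for illustration.

```rust
// Added example: PSK validity rule (Noise spec, Section 9.3) over token lists.
// Token strings and the sample patterns below are constructed for illustration.

/// Sender of a handshake message.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Role { Initiator, Responder }

type Pattern = &'static [&'static [&'static str]];

// Classical NNpsk0: both sides send "e", so the rule holds.
const NN_PSK0: Pattern = &[&["psk", "e"], &["e", "ee"]];
// Classical NNpsk2: psk arrives last, after both sides sent "e".
const NN_PSK2: Pattern = &[&["e"], &["e", "ee", "psk"]];
// Assumed shape of a PQ psk0 pattern: the responder answers with a KEM
// ciphertext token ("ekem") and never sends an "e" of its own.
const PQ_NN_PSK0_ASSUMED: Pattern = &[&["psk", "e"], &["ekem"]];

/// Returns the index and sender of the first message that sends encrypted
/// data after a psk token without the sender having sent "e"; None if valid.
/// Messages alternate direction, initiator first.
fn first_psk_violation(messages: &[&[&str]]) -> Option<(usize, Role)> {
    let mut psk_seen = false; // both parties process every psk token
    let mut sent_e = [false, false]; // [initiator, responder]
    for (i, tokens) in messages.iter().enumerate() {
        let (who, role) = if i % 2 == 0 { (0, Role::Initiator) } else { (1, Role::Responder) };
        for &tok in tokens.iter() {
            match tok {
                "psk" => psk_seen = true,
                "e" => sent_e[who] = true,
                // A static key goes out encrypted once the psk has keyed the cipher.
                "s" if psk_seen && !sent_e[who] => return Some((i, role)),
                _ => {}
            }
        }
        // Every message ends with a payload, encrypted once the psk is mixed in.
        if psk_seen && !sent_e[who] {
            return Some((i, role));
        }
    }
    None
}

fn main() {
    for (name, p) in [("NNpsk0", NN_PSK0), ("NNpsk2", NN_PSK2), ("PQ psk0 (assumed)", PQ_NN_PSK0_ASSUMED)] {
        println!("{name}: {:?}", first_psk_violation(p));
    }
}
```

The same function can be run over custom handshake patterns during review by writing each message as a list of its tokens.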

Details

CWE(s)

Affected Products

jmlepisto
clatter
≤ 2.2.0

CVEs Like This One

CVE-2024-8603 (shared CWE-327)
CVE-2025-66598 (shared CWE-327)
CVE-2026-21718 (shared CWE-327)
CVE-2025-68702 (shared CWE-327)
CVE-2026-22585 (shared CWE-327)
CVE-2026-1626 (shared CWE-327)
CVE-2025-2539 (shared CWE-327)
CVE-2026-34950 (shared CWE-327)
CVE-2025-63912 (shared CWE-327)
CVE-2026-1627 (shared CWE-327)
