What is CVE-2026-1584?

CVE-2026-1584 is a high-severity vulnerability in Gnu Gnutls, classified under NULL Pointer Dereference. CVSS score: 7.5/10. Published 2026-04-09.

How severe is CVE-2026-1584?

High severity. CVSS v3 base score is 7.5 out of 10.

NULL pointer dereference in Gnu Gnutls

CVE-2026-1584

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a…

EPSS: 0.001 (28.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

RHSA-2026:7477 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vdb-entry, Vendor Advisory)
RHBZ#2435258 (x_refsource_REDHAT, issue-tracking, Issue Tracking, Vendor Advisory)

Frequently asked questions

What is CVE-2026-1584?: CVE-2026-1584 is a high-severity vulnerability in Gnu Gnutls, classified under NULL Pointer Dereference. CVSS score: 7.5/10. Published 2026-04-09.
How severe is CVE-2026-1584?: High severity. CVSS v3 base score is 7.5 out of 10.