CVE-2026-1584
February 09, 2026
In libgnutls 3.8.11 there is a NULL pointer dereference in PSK binder verification. A TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello could lead to a denial of service attack via crashing the server. The updated code guards against the problematic dereference. The issue is fixed in 3.8.12.
Affected Packages
https://gitlab.com/gnutls/gnutls.git (SCM_GIT):
Affected version(s) =3.8.11 <3.8.12
Fix Suggestion:
Update to version 3.8.12
CVSS v3
Base Score: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH
Weakness Type (CWE)
NULL Pointer Dereference