Remote Denial of Service Vulnerability in GnuTLS Affecting Red Hat Products
CVE-2026-1584

7.5 HIGH

What is CVE-2026-1584?

A vulnerability in GnuTLS allows a remote attacker to send a crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder during the TLS handshake. This can result in a NULL pointer dereference, which can crash the server and cause a remote denial of service. The flaw affects the stability and availability of services that use GnuTLS.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
