HIGHVulnerability
Verified
Global

NVD HIGH: CVE-2026-1584 — A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this ...

·Source: NIST NVD

Updated:

Executive Summary

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and resulting in a remote Denial of Service (DoS) condition.

Analysis

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and resulting in a remote Denial of Service (DoS) condition. CVSS Score: 7.5. Published: 2026-04-09T18:16:44.047.

Indicators of Compromise (1)

CVE (1)
CVE-2026-1584
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on Apr 9, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityPOC

Microsoft’s incident response is getting a failing grade from researchers

Microsoft is ticking off a lot of researchers this week by claiming that those who dump proof-of-concept exploits for vulnerabilities they have not responsibly disclosed are enabling criminal activity, and that Microsoft will track them and bring cases against them. Whoever advised them to issue that statement may want to walk it back. Kevin Beaumont,... Source

DataBreaches.net
HIGHVulnerability

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors to set up VPN connections. "Authentication bypass vulnerabilities in the

CVE-2026-0257
The Hacker News
MEDIUMVulnerability

23andMe Failed to Stop Months-Long Hack, State Alleges

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/23andme-failed-to-stop-months-long-hack-state-alleges-image_small-2-a-31816.jpg" align=right hspace=4><b>Calif. Lawsuit: Genetics Testing Firm Missed Red Flags Before Massive 2023 Breach</b><br>Hackers in 2023 went undetected for five months in genetics testing firm 23andMe's IT systems, despite multiple unheeded warning signs, al

Bank Info Security