What is the severity of CVE-2026-24785?

CVE-2026-24785 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2026-24785?

No known public exploits are currently available for CVE-2026-24785.

Is there a patch available for CVE-2026-24785?

Yes, patches are available for CVE-2026-24785. Check the vendor advisories for update instructions.

CVE-2026-24785

Q: What is CVE-2026-24785?

### Impact Protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule (Noise Protocol Framework Section 9.3). This could allow PSK-derived keys to be used for encryption without proper randomization by self-chosen ephemeral randomness, weakening security guarantees and potentially allowing catastrophic key reuse. Affected default patterns include `noise_pqkk_psk0`, `noise_pqkn_psk0`, `noise_pqnk_psk0`, `noise_pqnn_psk0`, and some hybrid variants. Users of these patterns may have been using handshakes that do not meet the intended security properties. ### Patches The issue is fully patched and released in Clatter v2.2.0. The fixed version includes runtime checks to detect offending handshake patterns. ### Workarounds Avoid using offending `*_psk0` variants of post-quantum patterns. Review custom handshake patterns carefully. ### Resources * [PSK validity rule](https://noiseprotocol.org/noise.html#validity-rule)

Published: February 16, 2026

Last updated:1 day ago (February 16, 2026)

Exploit: NoZero-day: NoPatch: YesTrend: Neutral

TL;DR

Updated February 16, 2026

CVE-2026-24785 is a low severity vulnerability with a CVSS score of 0.0. No known exploits currently, and patches are available.

Key Points

1Low severity (CVSS 0.0/10)
2No known public exploits
3Vendor patches are available

Severity Scores

CVSS v30.0

CVSS v20.0

Priority Score0.0

EPSS Score0.0

None

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

0.0

CVSS

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Impact

Protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule (Noise Protocol Framework Section 9.3). This could allow PSK-derived keys to be used for encryption without proper randomization by self-chosen ephemeral randomness, weakening security guarantees and potentially allowing catastrophic key reuse.

Affected default patterns include noise_pqkk_psk0, noise_pqkn_psk0, noise_pqnk_psk0, noise_pqnn_psk0, and some hybrid variants. Users of these patterns may have been using handshakes that do not meet the intended security properties.

Patches

The issue is fully patched and released in Clatter v2.2.0. The fixed version includes runtime checks to detect offending handshake patterns.

Workarounds

Avoid using offending *_psk0 variants of post-quantum patterns. Review custom handshake patterns carefully.

Resources

PSK validity rule

CVSS v3 Breakdown

Attack Vector:-

Attack Complexity:-

Privileges Required:-

User Interaction:-

Scope:-

Confidentiality:-

Integrity:-

Availability:-

Patch References

Github.com

Trend Analysis

Neutral

Advisories

GitHub Advisory NVD

Cite This Page

APA Format

Strobes VI. (2026). CVE-2026-24785 - CVE Details and Analysis. Strobes VI. Retrieved February 17, 2026, from https://vi.strobes.co/cve/CVE-2026-24785

Quick copy link + title

Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.