CVE-2026-24785
Protocol Compliance Vulnerability in Clatter Noise PQ Handshake Patterns
Publication date: 2026-01-28
Last updated on: 2026-02-27
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jmlepisto | clatter | before 2.2.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Clatter versions prior to 2.2.0. Clatter is a Rust implementation of the Noise protocol framework with post-quantum support. The issue is a protocol compliance vulnerability: certain post-quantum handshake patterns (specifically those ending with '_psk0') violated the PSK validity rule from the Noise Protocol Framework. This violation allowed PSK-derived keys to be used for encryption without first being randomized by ephemeral randomness, weakening security guarantees and potentially causing catastrophic key reuse. The vulnerability affects default patterns like noise_pqkk_psk0, noise_pqkn_psk0, noise_pqnk_psk0, noise_pqnn_psk0, and some hybrid variants. The issue is fixed in Clatter v2.2.0, which adds runtime checks to detect offending handshake patterns.
How can this vulnerability impact me?
This vulnerability can weaken the security of encrypted communications by allowing the reuse of keys derived from pre-shared keys (PSKs) without proper randomization. This can lead to catastrophic key reuse, which compromises the confidentiality and integrity of the communication. Users employing the affected handshake patterns may have handshakes that do not meet the intended security properties, potentially exposing sensitive data to attackers.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be done by checking if your system or application is using Clatter versions prior to 2.2.0 and if it employs the affected post-quantum handshake patterns such as noise_pqkk_psk0, noise_pqkn_psk0, noise_pqnk_psk0, noise_pqnn_psk0, or related hybrid variants. Since the fixed version 2.2.0 includes runtime checks to detect offending handshake patterns, upgrading to this version is recommended. Specific commands are not provided in the available information.
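One way to run the check described above, as an added example that is not part of the advisory or of the Clatter project: it reads the locked clatter version from Cargo.lock and searches Rust sources for the pattern names listed on this page. The function names, the Cargo.lock and `*.rs` project layout, and the handling of other `*_psk0` identifiers as manual-review items are assumptions.

```python
import re
from pathlib import Path

FIXED = (2, 2, 0)  # first fixed Clatter release, per this page
# Pattern names this page lists as affected; the hybrid variants are not named here.
NAMED = ("noise_pqkk_psk0", "noise_pqkn_psk0", "noise_pqnk_psk0", "noise_pqnn_psk0")
PKG_RE = re.compile(r'\[\[package\]\]\s*\nname = "clatter"\s*\nversion = "([^"]+)"')
PSK0_RE = re.compile(r"\bnoise_\w+_psk0\b")


def clatter_versions(lock_text):
    """Return every clatter version pinned in a Cargo.lock file's text."""
    return PKG_RE.findall(lock_text)


def is_vulnerable(version):
    """True if version < 2.2.0. Pre-release/build suffixes are ignored (assumption)."""
    core = re.split(r"[-+]", version)[0]
    return tuple(int(part) for part in core.split(".")) < FIXED


def scan_source(text):
    """Split *_psk0 identifiers into (named on this page, others to review by hand)."""
    found = set(PSK0_RE.findall(text))
    return sorted(found & set(NAMED)), sorted(found - set(NAMED))


def audit(project_dir):
    """Report locked vulnerable clatter versions and *_psk0 usage per Rust file."""
    root = Path(project_dir)
    lock = root / "Cargo.lock"
    versions = clatter_versions(lock.read_text()) if lock.exists() else []
    hits = {}
    for src in root.rglob("*.rs"):
        named, other = scan_source(src.read_text(errors="ignore"))
        if named or other:
            hits[str(src.relative_to(root))] = {"affected": named, "review": other}
    return {"vulnerable_versions": [v for v in versions if is_vulnerable(v)],
            "hits": hits}


if __name__ == "__main__":
    import json
    import sys
    print(json.dumps(audit(sys.argv[1] if len(sys.argv) > 1 else "."), indent=2))
```

A project is exposed when `vulnerable_versions` is non-empty and `hits` contains an `affected` entry; `review` entries need a manual look because the page does not name the hybrid variants.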
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Clatter to version 2.2.0 or later, which contains the fix and runtime checks for the vulnerability. As a workaround, avoid using the affected *_psk0 variants of post-quantum handshake patterns and carefully review any custom handshake patterns to ensure they comply with the PSK validity rule.