diff --git a/0426-commands-search.c-check-possible-NULL-pointer-before.patch b/0426-commands-search.c-check-possible-NULL-pointer-before.patch
new file mode 100644
index 0000000..2791652
--- /dev/null
+++ b/0426-commands-search.c-check-possible-NULL-pointer-before.patch
@@ -0,0 +1,24 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Leo Sandoval <lsandova@redhat.com>
+Date: Wed, 11 Feb 2026 15:12:10 -0600
+Subject: [PATCH] commands/search.c: check possible NULL pointer before
+ dereference
+
+Signed-off-by: Leo Sandoval <lsandova@redhat.com>
+---
+ grub-core/commands/search.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/commands/search.c b/grub-core/commands/search.c
+index 9dd937e6df..4677f009cd 100644
+--- a/grub-core/commands/search.c
++++ b/grub-core/commands/search.c
+@@ -213,7 +213,7 @@ iterate_device (const char *name, void *data)
+                     int ret = 0;
+ 
+                     get_device_uuid(name, &quid_name);
+-                    if (!grub_strcmp(quid_name, ctx->key))
++                    if (quid_name && !grub_strcmp(quid_name, ctx->key))
+                       {
+                         uuid_ctx.name = name;
+                         uuid_ctx.uuid = quid_name;
diff --git a/grub.patches b/grub.patches
index 9ec6cb6..32cadf7 100644
--- a/grub.patches
+++ b/grub.patches
@@ -422,3 +422,4 @@ Patch0422: 0422-normal-main-Unregister-commands-on-module-unload.patch
 Patch0423: 0423-tests-lib-functional_test-Unregister-commands-on-mod.patch
 Patch0424: 0424-commands-usbtest-Use-correct-string-length-field.patch
 Patch0425: 0425-commands-usbtest-Ensure-string-length-is-sufficient-.patch
+Patch0426: 0426-commands-search.c-check-possible-NULL-pointer-before.patch
\ No newline at end of file
diff --git a/grub2.spec b/grub2.spec
index 642bd8e..3aee2f3 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -17,7 +17,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.12
-Release:	38%{?dist}
+Release:	39%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPL-3.0-or-later
 URL:		http://www.gnu.org/software/grub/
@@ -574,6 +574,10 @@ fi
 %endif
 
 %changelog
+* Wed Feb 11 2026 Leo Sandoval <lsandova@redhat.com> - 2.12-39
+- commands/search.c: check possible NULL pointer before dereference
+- Resolves: #RHEL-146317
+
 * Wed Feb 4 2026 Nicolas Frayer <nfrayer@redhat.com> - 2.12-38
 - Fix several security issues about module unloading and file handling
 - Resolves: #RHEL-141581