diff --git a/CHANGES.rst b/CHANGES.rst
index 9f09f0c..2fdbf5f 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,6 +1,11 @@
 Changelog
 =========
 
+Version 0.1.2 (unreleased)
+--------------------------
+
+- Require ``key_size >= 4`` to avoid out-of-bounds reads in ``_get_index``, #42.
+
 Version 0.1.1 (2026-02-09)
 --------------------------
 
diff --git a/pyproject.toml b/pyproject.toml
index d98ee45..59378ef 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -9,7 +9,7 @@ description = "Memory-efficient hash table (implemented in Cython)"
 requires-python = ">=3.10"
 keywords = ["hashtable", "memory", "efficient", "dense"]
 classifiers = [
-    "Development Status :: 3 - Alpha",
+    "Development Status :: 4 - Beta",
     "Intended Audience :: Developers",
     "Programming Language :: Python",
     "Programming Language :: Python :: 3",
diff --git a/src/borghash/HashTable.pyx b/src/borghash/HashTable.pyx
index ebcae61..67284e9 100644
--- a/src/borghash/HashTable.pyx
+++ b/src/borghash/HashTable.pyx
@@ -53,8 +53,8 @@ cdef class HashTable:
         # .keys and .values array.
         # the keys/values arrays have bigger elements and are not hash tables, thus collisions and load
         # factor are no concern there. the kv_grow_factor can be relatively small.
-        if not key_size:
-            raise ValueError("key_size must be specified and must be > 0.")
+        if key_size < 4:
+            raise ValueError("key_size must be specified and must be >= 4.")
         if not value_size:
             raise ValueError("value_size must be specified and must be > 0.")
         self.ksize = key_size
diff --git a/src/borghash/HashTableNT.pyx b/src/borghash/HashTableNT.pyx
index b7a9aa0..02b0e92 100644
--- a/src/borghash/HashTableNT.pyx
+++ b/src/borghash/HashTableNT.pyx
@@ -25,8 +25,8 @@ cdef class HashTableNT:
     def __init__(self, items=None, *,
                  key_size: int, value_type: Any, value_format: Any,
                  capacity: int = MIN_CAPACITY, byte_order="little") -> None:
-        if not isinstance(key_size, int) or not key_size > 0:
-            raise ValueError("key_size must be an integer and > 0.")
+        if not isinstance(key_size, int) or not key_size >= 4:
+            raise ValueError("key_size must be an integer and >= 4.")
         if type(value_type) is not type:
             raise TypeError("value_type must be a namedtuple type.")
         if not isinstance(value_format, tuple):