diff --git a/.changelog/4247.txt b/.changelog/4247.txt
new file mode 100644
index 0000000000..b0b75950a8
--- /dev/null
+++ b/.changelog/4247.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+api-gateway: fix nil pointer deref bug when the section name in a gateway policy is not specified
+```
diff --git a/control-plane/api-gateway/binding/validation.go b/control-plane/api-gateway/binding/validation.go
index 02ca210294..c260d57baf 100644
--- a/control-plane/api-gateway/binding/validation.go
+++ b/control-plane/api-gateway/binding/validation.go
@@ -165,6 +165,13 @@ func validateGateway(gateway gwv1beta1.Gateway, pods []corev1.Pod, consulGateway
 return result
 }
 
+func stringOrEmtpy(s *gwv1beta1.SectionName) string {
+ if s == nil {
+ return ""
+ }
+ return string(*s)
+}
+
 func validateGatewayPolicies(gateway gwv1beta1.Gateway, policies []v1alpha1.GatewayPolicy, resources *common.ResourceMap) gatewayPolicyValidationResults {
 results := make(gatewayPolicyValidationResults, 0, len(policies))
 
@@ -175,7 +182,7 @@ func validateGatewayPolicies(gateway gwv1beta1.Gateway, policies []v1alpha1.Gate
 
 exists := listenerExistsForPolicy(gateway, policy)
 if !exists {
- result.resolvedRefsErrs = append(result.resolvedRefsErrs, errorForMissingListener(policy.Spec.TargetRef.Name, string(*policy.Spec.TargetRef.SectionName)))
+ result.resolvedRefsErrs = append(result.resolvedRefsErrs, errorForMissingListener(policy.Spec.TargetRef.Name, stringOrEmtpy(policy.Spec.TargetRef.SectionName)))
 }
 
 missingJWTProviders := make(map[string]struct{})
@@ -211,6 +218,10 @@ func validateGatewayPolicies(gateway gwv1beta1.Gateway, policies []v1alpha1.Gate
 }
 
 func listenerExistsForPolicy(gateway gwv1beta1.Gateway, policy v1alpha1.GatewayPolicy) bool {
+ if policy.Spec.TargetRef.SectionName == nil {
+ return false
+ }
+
 return gateway.Name == policy.Spec.TargetRef.Name && slices.ContainsFunc(gateway.Spec.Listeners, func(l gwv1beta1.Listener) bool { return l.Name == *policy.Spec.TargetRef.SectionName })
 }
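Review bot: The new helper's name `stringOrEmtpy` is misspelled ("Emtpy"), and the typo is repeated at its call site in the second validation.go hunk; rename both to `stringOrEmpty` before the name spreads. The helper also has no doc comment, and the nil contract is the whole point of this fix, so I would add `// stringOrEmpty returns the section name as a string, or "" when s is nil.` above it. Because it accepts only `*gwv1beta1.SectionName`, a name that mentions the section name would describe it better than the generic one.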
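Review bot: The nil guard added at the top of `listenerExistsForPolicy` makes an unset `SectionName` mean "no listener exists", so a policy that omits it gets the missing-listener error with an empty listener name (built in the second hunk) and nothing tells the operator that the field was simply not set. These policies reference JWT providers (`missingJWTProviders` in the second hunk), so if a policy carrying `resolvedRefsErrs` is not applied, which this diff does not show, the listeners it was meant to cover could be served without the intended verification while the status points at an unnamed listener. I would state the decision on the guard with `// A nil SectionName matches no listener; the policy is reported as unresolved.` and give the nil case its own error text rather than passing "" to `errorForMissingListener`. The diff adds no test, so a case with `SectionName: nil` for both `listenerExistsForPolicy` and `validateGatewayPolicies` would pin the fix.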