Description

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine.

PUBLISHED Reserved 2026-03-23 | Published 2026-03-26 | Updated 2026-03-26 | Assigner freebsd

Problem types

CWE-476: NULL Pointer Dereference

Product status

Default status: unknown

15.0-RELEASE (release) before p5: affected

Credits

Nikolay Denev <ndenev@gmail.com> finder

References

security.freebsd.org/advisories/FreeBSD-SA-26:07.nvmf.asc vendor-advisory

cve.org (CVE-2026-4652)

nvd.nist.gov (CVE-2026-4652)
