๐Ÿ” CVE Alert

CVE-2026-4652

HIGH 7.5

Remote denial of service via null pointer dereference

CVSS Score: 7.5
EPSS Score: 0.0%
EPSS Percentile: 5th

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine.

CWE: CWE-476
Vendor: freebsd
Product: freebsd
Published: Mar 26, 2026
Last Updated: Mar 26, 2026

Affected Versions

FreeBSD / FreeBSD
15.0-RELEASE < p5

References

NVD, CVE.org, EPSS Data
security.freebsd.org: https://security.freebsd.org/advisories/FreeBSD-SA-26:07.nvmf.asc

Credits

Nikolay Denev