Vulnerability DatabaseCVE-2026-4652
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-4652
March 26, 2026
On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine.
Affected Packages
https://github.com/freebsd/freebsd-src.git (GITHUB):
Affected version(s) >=release/15.0.0 <release/15.0.0-p4
Fix Suggestion:
Update to version release/15.0.0-p4
https://github.com/freebsd/freebsd-src.git (GITHUB):
Affected version(s) >=release/15.0.0 <release/15.0.0-p4
Fix Suggestion:
Update to version release/15.0.0-p4
https://github.com/freebsd/freebsd-src.git (GITHUB):
Affected version(s) >=release/15.0.0 <release/15.0.0-p4
Fix Suggestion:
Update to version release/15.0.0-p4
Related ResourcesĀ (1)
https://security.freebsd.org/advisories/FreeBSD-SA-26:07.nvmf.asc
Do you need more information?
Contact Us
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
NULL Pointer Dereference
CWE-476
EPSS
Base Score:
0.05