CVE-2026-4652 PUBLISHED

Remote denial of service via null pointer dereference

Assigner: freebsd
Reserved: 23.03.2026 Published: 26.03.2026 Updated: 26.03.2026

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID.

An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine.

Product Status

Vendor	FreeBSD
Product	FreeBSD
Versions	Default: unknown affected from 15.0-RELEASE to p5 (excl.)

Credits

Nikolay Denev <ndenev@gmail.com> finder

References

https://security.freebsd.org/advisories/FreeBSD-SA-26:07.nvmf.asc

Problem Types

CWE-476: NULL Pointer Dereference CWE