Nvme/Tcp · Nvme/Tcp · CVE-2026-4652
**Name of the Vulnerable Software and Affected Versions**
NVMe/TCP (affected versions not specified)
**Description**
A remote client can cause a kernel panic on a system exposing an NVMe/TCP target by sending a CONNECT command to an I/O queue with an invalid or outdated CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine. The vulnerable component is the handling of the `CONNECT` command and the validation of the `CNTLID` parameter.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.