CVE-2026-4652

Name of the Vulnerable Software and Affected Versions NVMe/TCP (affected versions not specified)

Description A remote client can cause a kernel panic on a system exposing an NVMe/TCP target by sending a CONNECT command to an I/O queue with an invalid or outdated CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine. The vulnerable component is the handling of the CONNECT command and the validation of the CNTLID parameter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.