Skip to main content

CWE-476

NULL Pointer Dereference

4118 CVEs Avg CVSS 6.1 MITRE
85
CRITICAL
963
HIGH
2981
MEDIUM
87
LOW
865
POC
1
KEV

Monthly

CVE-2026-15352 HIGH CISA This Week

Denial of service in NASA's Core Flight System (cFS) Health & Safety (HS) application allows a remote attacker to crash the application through a NULL pointer dereference triggered while processing a routine Housekeeping Telemetry request. All HS versions prior to v7.0.1 are affected; the crash produces a segmentation fault that halts the health-monitoring task. No public exploit identified at time of analysis, and it is not listed in CISA KEV, but a CISA ICS advisory (ICSA-26-197-03) and vendor-tagged fix release exist.

Denial Of Service Null Pointer Dereference Core Flight System Cfs Health Safety Hs Application
NVD GitHub
CVSS 4.0
8.2
CVE-2026-62299 MEDIUM PATCH This Month

Nil pointer dereference in CoreDNS prior to 1.14.5 allows remote unauthenticated attackers to crash or degrade the DNS server by sending a single ordinary DNS query. The rewrite plugin's edns0 response rules dereference the result of IsEdns0() without a nil check; when a downstream plugin returns a response lacking an OPT record, the ResponseReverter panics, returning SERVFAIL in default deployments or terminating the CoreDNS process entirely when the debug directive is active. No public exploit code has been identified and the issue is fixed in v1.14.5.

Denial Of Service Null Pointer Dereference Coredns
NVD GitHub
CVSS 3.1
5.3
CVE-2026-62309 HIGH PATCH This Week

Remote denial of service in CoreDNS versions prior to 1.14.4 allows an unauthenticated attacker to crash the DNS server with a single 28-byte UDP datagram when the proxyproto plugin is enabled. The malformed PROXY protocol v2 header triggers a nil pointer dereference in the PacketConn.ReadFrom log path, killing the process before per-request recovery can intervene. No public exploit identified at time of analysis, though the fixing PR includes a reproducer test that encodes the exact crashing byte sequence; not listed in CISA KEV.

Denial Of Service Null Pointer Dereference Coredns
NVD GitHub
CVSS 3.1
7.5
CVE-2026-53719 Go MEDIUM PATCH GHSA This Month

Deterministic nil-pointer dereference in Envoy Gateway's gatewayapi runner allows a low-privileged tenant to permanently stall controller-wide xDS and Infrastructure IR publishing by submitting a single malformed CRD. Any tenant with namespace-scoped RBAC permission to create SecurityPolicy and TCPRoute resources can trigger a panic on every reconcile cycle by omitting the spec.authorization field, requiring administrator intervention to restore control-plane operations. No exploitation confirmed in the wild (not in CISA KEV); patches are available in versions 1.7.4 and 1.8.1.

Null Pointer Dereference Denial Of Service
NVD GitHub
CVSS 3.1
6.5
CVE-2026-52865 HIGH PATCH This Week

Denial of service in F5 NGINX Ingress Controller allows an authenticated remote attacker holding write access to Ingress or TransportServer resources to crash the control plane by submitting a malformed resource. Because the offending resource persists in the cluster, the controller re-reads it and re-crashes, producing a durable crash loop rather than a one-time outage. There is no public exploit identified at time of analysis, and impact is confined to the control plane with no data plane or confidentiality/integrity exposure.

Nginx Denial Of Service Null Pointer Dereference Nginx Ingress Controller
NVD
CVSS 4.0
7.1
EPSS
0.3%
CVE-2025-56363 HIGH This Week

Denial of service in the Matter SDK (connectedhomeip) before 1.4.0 lets a remote unauthenticated attacker crash a smart-home device by sending a crafted read request. The flaw lives in the ReadRevisionAttribute function, which is reused across multiple clusters (Channel, Account Login, TargetNavigator), so any device exposing those clusters is affected. No public exploit identified at time of analysis, and the issue is availability-only (no code execution or data exposure).

Denial Of Service Null Pointer Dereference Matter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-56168 MEDIUM PATCH Exploit Unlikely This Month

Null pointer dereference in Windows SMB Server allows an authorized attacker to deny service over a network.

Microsoft Denial Of Service Null Pointer Dereference Windows 10 Version 21H2 Windows 10 Version 22H2 +6
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2026-50673 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an authenticated attacker gain elevated (SYSTEM-level) privileges by triggering a NULL pointer dereference (CWE-476) in kernel-mode code. The flaw affects a broad range of client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis.

Microsoft Denial Of Service Null Pointer Dereference Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-50366 MEDIUM PATCH This Month

Null pointer dereference in Active Directory Domain Services allows an authorized attacker to deny service over a network.

Denial Of Service Null Pointer Dereference Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2026-50315 HIGH PATCH This Week

Local privilege escalation in Windows Image Acquisition (WIA) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a NULL pointer dereference can be leveraged by an already-authenticated local user to elevate privileges. Microsoft rates it 7.8 (High) with full confidentiality, integrity, and availability impact despite the flaw class typically causing denial of service. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Denial Of Service Null Pointer Dereference Windows 11 Version 24H2 Windows 11 Version 25H2 +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVSS 8.2
HIGH This Week

Denial of service in NASA's Core Flight System (cFS) Health & Safety (HS) application allows a remote attacker to crash the application through a NULL pointer dereference triggered while processing a routine Housekeeping Telemetry request. All HS versions prior to v7.0.1 are affected; the crash produces a segmentation fault that halts the health-monitoring task. No public exploit identified at time of analysis, and it is not listed in CISA KEV, but a CISA ICS advisory (ICSA-26-197-03) and vendor-tagged fix release exist.

Denial Of Service Null Pointer Dereference Core Flight System Cfs Health Safety Hs Application
NVD GitHub
CVSS 5.3
MEDIUM PATCH This Month

Nil pointer dereference in CoreDNS prior to 1.14.5 allows remote unauthenticated attackers to crash or degrade the DNS server by sending a single ordinary DNS query. The rewrite plugin's edns0 response rules dereference the result of IsEdns0() without a nil check; when a downstream plugin returns a response lacking an OPT record, the ResponseReverter panics, returning SERVFAIL in default deployments or terminating the CoreDNS process entirely when the debug directive is active. No public exploit code has been identified and the issue is fixed in v1.14.5.

Denial Of Service Null Pointer Dereference Coredns
NVD GitHub
CVSS 7.5
HIGH PATCH This Week

Remote denial of service in CoreDNS versions prior to 1.14.4 allows an unauthenticated attacker to crash the DNS server with a single 28-byte UDP datagram when the proxyproto plugin is enabled. The malformed PROXY protocol v2 header triggers a nil pointer dereference in the PacketConn.ReadFrom log path, killing the process before per-request recovery can intervene. No public exploit identified at time of analysis, though the fixing PR includes a reproducer test that encodes the exact crashing byte sequence; not listed in CISA KEV.

Denial Of Service Null Pointer Dereference Coredns
NVD GitHub
CVSS 6.5
MEDIUM PATCH This Month

Deterministic nil-pointer dereference in Envoy Gateway's gatewayapi runner allows a low-privileged tenant to permanently stall controller-wide xDS and Infrastructure IR publishing by submitting a single malformed CRD. Any tenant with namespace-scoped RBAC permission to create SecurityPolicy and TCPRoute resources can trigger a panic on every reconcile cycle by omitting the spec.authorization field, requiring administrator intervention to restore control-plane operations. No exploitation confirmed in the wild (not in CISA KEV); patches are available in versions 1.7.4 and 1.8.1.

Null Pointer Dereference Denial Of Service
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in F5 NGINX Ingress Controller allows an authenticated remote attacker holding write access to Ingress or TransportServer resources to crash the control plane by submitting a malformed resource. Because the offending resource persists in the cluster, the controller re-reads it and re-crashes, producing a durable crash loop rather than a one-time outage. There is no public exploit identified at time of analysis, and impact is confined to the control plane with no data plane or confidentiality/integrity exposure.

Nginx Denial Of Service Null Pointer Dereference +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in the Matter SDK (connectedhomeip) before 1.4.0 lets a remote unauthenticated attacker crash a smart-home device by sending a crafted read request. The flaw lives in the ReadRevisionAttribute function, which is reused across multiple clusters (Channel, Account Login, TargetNavigator), so any device exposing those clusters is affected. No public exploit identified at time of analysis, and the issue is availability-only (no code execution or data exposure).

Denial Of Service Null Pointer Dereference Matter
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH Exploit Unlikely This Month

Null pointer dereference in Windows SMB Server allows an authorized attacker to deny service over a network.

Microsoft Denial Of Service Null Pointer Dereference +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Microsoft Windows Kernel lets an authenticated attacker gain elevated (SYSTEM-level) privileges by triggering a NULL pointer dereference (CWE-476) in kernel-mode code. The flaw affects a broad range of client and server builds from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. Reported by Microsoft with a patch available; no public exploit identified at time of analysis.

Microsoft Denial Of Service Null Pointer Dereference +18
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Null pointer dereference in Active Directory Domain Services allows an authorized attacker to deny service over a network.

Denial Of Service Null Pointer Dereference Windows 10 Version 1607 +17
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Windows Image Acquisition (WIA) affects Windows 11 (24H2, 25H2, 26H1) and Windows Server 2025, where a NULL pointer dereference can be leveraged by an already-authenticated local user to elevate privileges. Microsoft rates it 7.8 (High) with full confidentiality, integrity, and availability impact despite the flaw class typically causing denial of service. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Microsoft Denial Of Service Null Pointer Dereference +5
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy