{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4751", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-03-24T05:37:21.386Z", "datePublished": "2026-03-24T05:37:44.416Z", "dateUpdated": "2026-03-24T14:29:05.841Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:37:44.416Z"}, "title": "NULL Pointer Dereference in tmate-io tmate", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "type": "CWE"}]}], "affected": [{"vendor": "tmate-io", "product": "tmate", "collectionURL": "https://github.com/tmate-io/tmate", "versions": [{"status": "affected", "version": "0", "lessThan": "2.4.0", "versionType": "git"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "NULL Pointer Dereference vulnerability in tmate-io tmate.<p>This issue affects tmate: before 2.4.0.</p>"}]}], "references": [{"url": "https://github.com/tmate-io/tmate/pull/328", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}], "credits": [{"lang": "en", "value": "TITAN Team (titancaproject@gmail.com)", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T14:28:52.686331Z", "id": "CVE-2026-4751", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:29:05.841Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4751", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T14:28:52.686331Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T14:28:59.191Z"}}], "cna": {"title": "NULL Pointer Dereference in tmate-io tmate", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "tmate-io", "product": "tmate", "versions": [{"status": "affected", "version": "0", "lessThan": "2.4.0", "versionType": "git"}], "collectionURL": "https://github.com/tmate-io/tmate", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/tmate-io/tmate/pull/328", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0.", "supportingMedia": [{"type": "text/html", "value": "NULL Pointer Dereference vulnerability in tmate-io tmate.<p>This issue affects tmate: before 2.4.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-03-24T05:37:44.416Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4751", "state": "PUBLISHED", "dateUpdated": "2026-03-24T14:29:05.841Z", "dateReserved": "2026-03-24T05:37:21.386Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-03-24T05:37:44.416Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0."}], "id": "CVE-2026-4751", "lastModified": "2026-03-24T15:53:48.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-03-24T06:16:23.407", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/tmate-io/tmate/pull/328"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.4.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "tmate", "source": "cna", "vendor": "tmate-io"}, "product": "tmate", "vendor": "tmate-io"}], "analysis": {"en": {"generated_at": "2026-03-24T07:52:10.457291+00:00", "value": {"mitigation_remediation": ["Upgrade tmate to version 2.4.0 or later."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the tmate-io tmate application, specifically any installation prior to version 2.4.0. All prior releases are susceptible; newer releases are not affected.", "description_and_impact": "A null pointer dereference in tmate-io tmate leads to application crashes on versions before 2.4.0. The flaw results in denial of service, impacting application availability without disclosure of confidential data or modification of system state. The weakness corresponds to CWE-476.", "risk_and_exploitability": "The CVSS score of 5.3 indicates medium severity, while no EPSS score is provided and the issue is absent from the KEV catalog, suggesting limited active exploitation. The flaw appears to be triggered by input that causes a null dereference, which likely requires local or privileged access to the service. Successful exploitation would terminate the service, leading to denial of service for legitimate users."}}}}, "created": "2026-03-24T10:28:58.340446+00:00", "updated": "2026-03-25T20:40:03.054231+00:00", "vendors": ["tmate-io", "tmate-io$PRODUCT$tmate"]}