High severity7.5NVD Advisory· Published Apr 16, 2026· Updated Apr 17, 2026

CVE-2026-30656

Description

A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the input pointer and calls strdup() on a NULL value when the option is specified without an argument. This results in a segmentation fault and process crash.

Affected products

Axboe/Fioreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/Criticayon/eb5e69163bfa4ce684e62ed5c939b76envd
github.com/axboe/fio/issues/2055nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000