CVE-2026-1973

Summary

A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. It is best practice to apply a patch to resolve this issue.

Affected Software

VendorProductVersion RangeStatus
n/aFree5GC4.0affected
n/aFree5GC4.1.0affected

Weaknesses

  • CWE-476: NULL Pointer Dereference
  • CWE-404: Denial of Service

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References