CVE-2026-1974
MEDIUMfree5gc < 4.1.0 - Denial of Service in SMF Node ID Resolution
Title source: llmDescription
A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. It is recommended to apply a patch to fix this issue.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.344496
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.344496
Exploit, Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.743237
Exploit, Issue Tracking, Vendor Advisory issue-tracking
https://github.com/free5gc/free5gc/issues/816
Exploit, Issue Tracking, Vendor Advisory exploit
issue-tracking
https://github.com/free5gc/free5gc/issues/816#issue-3832055233
Issue Tracking issue-tracking
patch
https://github.com/free5gc/smf/pull/189
Product product
https://github.com/free5gc/free5gc/
Scores
CVSS v3
5.3
EPSS
0.0050
EPSS Percentile
38.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-404
Status
published
Products (1)
free5gc/free5gc
< 4.1.0
Published
Feb 06, 2026
Tracked Since
Feb 18, 2026