CVE-2026-1974

MEDIUM

Free5GC <4.1.0 - DoS

Title source: llm

Description

A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. It is recommended to apply a patch to fix this issue.

References (7)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.344496

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.344496

[Exploit, Third Party Advisory, VDB Entry] https://vuldb.com/?submit.743237

[Exploit, Issue Tracking, Vendor Advisory] https://github.com/free5gc/free5gc/issues/816

[Exploit, Issue Tracking, Vendor Advisory] https://github.com/free5gc/free5gc/issues/816#issue-3832055233

[Issue Tracking] https://github.com/free5gc/smf/pull/189

[Product] https://github.com/free5gc/free5gc/

Scores

CVSS v3 5.3

EPSS 0.0011

EPSS Percentile 28.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-404

Status published

Products (1)

free5gc/free5gc < 4.1.0

Published Feb 06, 2026

Tracked Since Feb 18, 2026