CVE-2026-1976

MEDIUM

Free5GC <4.1.0 - Null Pointer Dereference

Title source: llm

Description

A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. It is suggested to install a patch to address this issue.

References (7)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.344498

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.344498

[Exploit, Third Party Advisory, VDB Entry] https://vuldb.com/?submit.743239

[Exploit, Issue Tracking, Vendor Advisory] https://github.com/free5gc/free5gc/issues/817

[Exploit, Issue Tracking, Vendor Advisory] https://github.com/free5gc/free5gc/issues/817#issue-3832188092

[Issue Tracking] https://github.com/free5gc/smf/pull/189

[Product] https://github.com/free5gc/free5gc/

Scores

CVSS v3 5.3

EPSS 0.0012

EPSS Percentile 30.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-476 CWE-404

Status published

Products (1)

free5gc/free5gc < 4.1.0

Published Feb 06, 2026

Tracked Since Feb 18, 2026