CVE-2026-1974

Sažetak

A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. It is recommended to apply a patch to fix this issue.

Reference

https://github.com/free5gc/free5gc/
https://github.com/free5gc/free5gc/issues/816
https://github.com/free5gc/free5gc/issues/816#issue-3832055233
https://github.com/free5gc/smf/pull/189
https://vuldb.com/?ctiid.344496
https://vuldb.com/?id.344496
https://vuldb.com/?submit.743237

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

09-02-2026 - 15:47

Objavljeno

06-02-2026 - 02:16