CVE-2026-1976

Sažetak

A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. It is suggested to install a patch to address this issue.

Reference

https://github.com/free5gc/free5gc/
https://github.com/free5gc/free5gc/issues/817
https://github.com/free5gc/free5gc/issues/817#issue-3832188092
https://github.com/free5gc/smf/pull/189
https://vuldb.com/?ctiid.344498
https://vuldb.com/?id.344498
https://vuldb.com/?submit.743239

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

09-02-2026 - 15:04

Objavljeno

06-02-2026 - 03:15