Skip to main content

Pcf CVE-2026-1739

MEDIUM
Improper Resource Shutdown or Release (CWE-404)
2026-02-02 cna@vuldb.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 22:01 vuln.today
PoC Detected
Feb 11, 2026 - 19:35 vuln.today
Public exploit code
Patch released
Feb 11, 2026 - 19:35 nvd
Patch available
CVE Published
Feb 02, 2026 - 02:16 nvd
MEDIUM 5.3

DescriptionCVE.org

A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.

AnalysisAI

Remote denial of service in Free5GC PCF versions up to 1.4.1 stems from a null pointer dereference in the SM Policy request handler, allowing unauthenticated attackers to crash the service from the network. Public exploit code exists for this vulnerability, and a patch is available to remediate the issue.

Technical ContextAI

Classified as CWE-404 (Improper Resource Shutdown or Release). Affects Pcf. A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.

RemediationAI

A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.

Share

CVE-2026-1739 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy