What is the CVSS score of CVE-2026-1974?

CVE-2026-1974 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.1%.

Which versions of Golang are affected by CVE-2026-1974?

Organizations using Free5GC should be aware of moderate risk from CVE-2026-1974 rated CVSS 5.3. Exploitation could compromise the security of affected deployments.

Is there a public PoC exploit available for CVE-2026-1974?

Yes, a public proof-of-concept exploit is available for CVE-2026-1974. Prioritise patching immediately. EPSS: 0.1%.

Golang CVE-2026-1974

MEDIUM

Improper Resource Shutdown or Release (CWE-404)

2026-02-06 cna@vuldb.com

Denial Of Service Golang Free5gc

5.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 09, 2026 - 15:47 vuln.today

Public exploit code

CVE Published

Feb 06, 2026 - 02:16 nvd

MEDIUM 5.3

DescriptionNVD

A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. It is recommended to apply a patch to fix this issue.

AnalysisAI

Free5GC versions up to 4.1.0 contain a denial of service vulnerability in the SMF component's ResolveNodeIdToIp function that can be exploited remotely without authentication. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected 5G network infrastructure at risk of service disruption.

RemediationAI

Within 30 days: Identify affected systems running Free5GC and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-1974 vulnerability details – vuln.today

Back

Golang CVE-2026-1974

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code