Skip to main content

Free5gc CVE-2026-1975

MEDIUM
Improper Resource Shutdown or Release (CWE-404)
2026-02-06 cna@vuldb.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Feb 09, 2026 - 15:15 vuln.today
Public exploit code
CVE Published
Feb 06, 2026 - 03:15 nvd
MEDIUM 5.3

DescriptionCVE.org

A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Applying a patch is advised to resolve this issue.

AnalysisAI

Free5GC versions up to 4.1.0 contain a null pointer dereference vulnerability in the identityTriggerType function of pfcp_reports.go that allows remote attackers to cause denial of service without authentication. Public exploit code exists for this vulnerability, and no patch is currently available.

Technical ContextAI

Classified as CWE-404 (Improper Resource Shutdown or Release). Affects Free5Gc. A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Applying a patch is advised to resolve this issue.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-70123 HIGH POC
7.5 Feb 13

An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a

CVE-2025-70121 HIGH POC
7.5 Feb 13

An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a den

CVE-2025-70122 HIGH POC
7.5 Feb 13

A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of

CVE-2025-60638 HIGH POC
7.5 Nov 24

An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST

CVE-2023-49391 HIGH POC
7.5 Dec 22

An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial o

CVE-2023-47347 HIGH POC
7.5 Nov 15

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages w

CVE-2023-47345 HIGH POC
7.5 Nov 15

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message wi

CVE-2023-47346 HIGH POC
7.5 Nov 13

Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service v

CVE-2022-38871 HIGH POC
7.5 Nov 18

In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages. Rated high severity (CVSS 7.5), this vulnerability is r

CVE-2022-38870 HIGH POC
7.5 Oct 25

Free5gc v3.2.1 is vulnerable to Information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely e

CVE-2023-4659 CRITICAL
9.8 Oct 02

Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the

CVE-2026-5661 MEDIUM POC
5.5 Apr 06

Denial of service in Free5GC 4.2.0 NGSetupRequest Handler allows unauthenticated remote attackers to crash the AMF (Acce

Share

CVE-2026-1975 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy