
Pcf

3 CVEs product

CVE-2026-41135 Go HIGH PATCH GHSA This Week

Unauthenticated remote attackers can crash free5GC Policy Control Function (PCF) versions before 1.4.3 via repeated HTTP requests to the OAM endpoint over the Service-Based Interface. Each request leaks memory by registering duplicate CORS middleware in the Gin router handler chain, causing progressive memory exhaustion that prevents all User Equipment from establishing 5G sessions. Patched in version 1.4.3 via commit 599803b. EPSS data unavailable; not listed in CISA KEV. The CVSS score of 7.5 (High) reflects a network-accessible, unauthenticated attack with high availability impact.

Denial Of Service Free5gc Pcf
NVD GitHub
CVSS 3.1: 7.5
EPSS: 0.0%
CVE-2026-1739 MEDIUM POC PATCH This Month

Remote denial of service in Free5GC PCF versions up to 1.4.1 stems from a null pointer dereference in the SM Policy request handler, allowing unauthenticated attackers to crash the service from the network. Public exploit code exists for this vulnerability, and a patch is available to remediate the issue.

Null Pointer Dereference Pcf
NVD GitHub VulDB
CVSS 3.1: 5.3
EPSS: 0.0%
CVE-2025-66720 HIGH POC PATCH This Week

Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId. [CVSS 7.5 HIGH]

Golang Null Pointer Dereference Pcf
NVD GitHub
CVSS 3.1: 7.5
EPSS: 0.0%