CVE-2026-1974
5.5
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: CNA (Secondary)
Description
A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. It is recommended to apply a patch to fix this issue.
Affected (1)
References (7)
Source: cna@vuldb.com
ExploitIssue TrackingVendor Advisory
Source: cna@vuldb.com
ExploitIssue TrackingVendor Advisory
Timeline (21)
2/9/20269 changes
Initial Analysis - Reference Type
03:47 PM
- -
+ VulDB: https://vuldb.com/?submit.743237 Types: Exploit, Third Party Advisory, VDB Entry
Initial Analysis - Reference Type
03:47 PM
- -
+ VulDB: https://vuldb.com/?id.344496 Types: Third Party Advisory, VDB Entry
Initial Analysis - Reference Type
03:47 PM
- -
+ VulDB: https://vuldb.com/?ctiid.344496 Types: Permissions Required, VDB Entry
Initial Analysis - Reference Type
03:47 PM
- -
+ VulDB: https://github.com/free5gc/smf/pull/189 Types: Issue Tracking
Initial Analysis - Reference Type
03:47 PM
- -
+ VulDB: https://github.com/free5gc/free5gc/issues/816#issue-3832055233 Types: Exploit, Issue Tracking, Vendor Advisory
Initial Analysis - Reference Type
03:47 PM
- -
+ VulDB: https://github.com/free5gc/free5gc/issues/816 Types: Exploit, Issue Tracking, Vendor Advisory
Initial Analysis - Reference Type
03:47 PM
- -
+ VulDB: https://github.com/free5gc/free5gc/ Types: Product
Initial Analysis - CPE Configuration
03:47 PM
- -
+ OR
*cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:* versions up to (including) 4.1.0
Initial Analysis - CVSS V3.1
03:47 PM
- -
+ AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2/6/202612 changes
New CVE Received - Reference
02:16 AM
- -
+ https://vuldb.com/?submit.743237
New CVE Received - Reference
02:16 AM
- -
+ https://vuldb.com/?id.344496
New CVE Received - Reference
02:16 AM
- -
+ https://vuldb.com/?ctiid.344496
New CVE Received - Reference
02:16 AM
- -
+ https://github.com/free5gc/smf/pull/189
New CVE Received - Reference
02:16 AM
- -
+ https://github.com/free5gc/free5gc/issues/816#issue-3832055233
New CVE Received - Reference
02:16 AM
- -
+ https://github.com/free5gc/free5gc/issues/816
New CVE Received - Reference
02:16 AM
- -
+ https://github.com/free5gc/free5gc/
New CVE Received - CWE
02:16 AM
- -
+ CWE-404
New CVE Received - CVSS V2
02:16 AM
- -
+ (AV:N/AC:L/Au:N/C:N/I:N/A:P)
New CVE Received - CVSS V3.1
02:16 AM
- -
+ AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
New CVE Received - CVSS V4.0
02:16 AM
- -
+ AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
New CVE Received - Description
02:16 AM
- -
+ A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. It is recommended to apply a patch to fix this issue.