CVE-2026-1976
5.5
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: CNA (Secondary)
Description
A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. It is suggested to install a patch to address this issue.
Affected (1)
Related CWEs
References (7)
Source: cna@vuldb.com
ExploitIssue TrackingVendor Advisory
Source: cna@vuldb.com
ExploitIssue TrackingVendor Advisory
Timeline (23)
2/9/202610 changes
Initial Analysis - Reference Type
03:04 PM
- -
+ VulDB: https://vuldb.com/?submit.743239 Types: Exploit, Third Party Advisory, VDB Entry
Initial Analysis - Reference Type
03:04 PM
- -
+ VulDB: https://vuldb.com/?id.344498 Types: Third Party Advisory, VDB Entry
Initial Analysis - Reference Type
03:04 PM
- -
+ VulDB: https://vuldb.com/?ctiid.344498 Types: Permissions Required, VDB Entry
Initial Analysis - Reference Type
03:04 PM
- -
+ VulDB: https://github.com/free5gc/smf/pull/189 Types: Issue Tracking
Initial Analysis - Reference Type
03:04 PM
- -
+ VulDB: https://github.com/free5gc/free5gc/issues/817#issue-3832188092 Types: Exploit, Issue Tracking, Vendor Advisory
Initial Analysis - Reference Type
03:04 PM
- -
+ VulDB: https://github.com/free5gc/free5gc/issues/817 Types: Exploit, Issue Tracking, Vendor Advisory
Initial Analysis - Reference Type
03:04 PM
- -
+ VulDB: https://github.com/free5gc/free5gc/ Types: Product
Initial Analysis - CPE Configuration
03:04 PM
- -
+ OR
*cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:* versions up to (including) 4.1.0
Initial Analysis - CWE
03:04 PM
- -
+ CWE-476
Initial Analysis - CVSS V3.1
03:04 PM
- -
+ AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2/6/202613 changes
New CVE Received - Reference
03:15 AM
- -
+ https://vuldb.com/?submit.743239
New CVE Received - Reference
03:15 AM
- -
+ https://vuldb.com/?id.344498
New CVE Received - Reference
03:15 AM
- -
+ https://vuldb.com/?ctiid.344498
New CVE Received - Reference
03:15 AM
- -
+ https://github.com/free5gc/smf/pull/189
New CVE Received - Reference
03:15 AM
- -
+ https://github.com/free5gc/free5gc/issues/817#issue-3832188092
New CVE Received - Reference
03:15 AM
- -
+ https://github.com/free5gc/free5gc/issues/817
New CVE Received - Reference
03:15 AM
- -
+ https://github.com/free5gc/free5gc/
New CVE Received - CWE
03:15 AM
- -
+ CWE-404
New CVE Received - CWE
03:15 AM
- -
+ CWE-476
New CVE Received - CVSS V2
03:15 AM
- -
+ (AV:N/AC:L/Au:N/C:N/I:N/A:P)
New CVE Received - CVSS V3.1
03:15 AM
- -
+ AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
New CVE Received - CVSS V4.0
03:15 AM
- -
+ AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
New CVE Received - Description
03:15 AM
- -
+ A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. It is suggested to install a patch to address this issue.