CVE-2026-1739

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-1739
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1739.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-1739
Published
2026-02-02T02:16:10.823Z
Modified
2026-03-14T15:05:35.076789Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.

References

Affected packages

Git / github.com/free5gc/pcf

Affected ranges

Type
GIT
Repo
https://github.com/free5gc/pcf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fbc3625e365482fd8831c02da57d6caf09f57a5a
Fixed
df535f5524314620715e842baf9723efbeb481a7
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.4.1"
        }
    ]
}

Affected versions

v1.*
v1.0.0
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.4.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1739.json"