A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. It is best practice to apply a patch to resolve this issue.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/1xxx/CVE-2026-1973.json",
"cwe_ids": [
"CWE-404",
"CWE-476"
],
"cna_assigner": "VulDB"
}{
"cpe": "cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*",
"source": [
"AFFECTED_FIELD",
"CPE_RANGE"
],
"extracted_events": [
{
"introduced": "4.0"
},
{
"last_affected": "4.0"
},
{
"introduced": "4.1.0"
},
{
"last_affected": "4.1.0"
},
{
"introduced": "0"
}
]
}