CVE-2026-1976

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-1976
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1976.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-1976
Published
2026-02-06T03:15:49.503Z
Modified
2026-04-10T05:38:10.327724Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. It is suggested to install a patch to address this issue.

References

Affected packages

Git / github.com/free5gc/free5gc

Affected ranges

Type
GIT
Repo
https://github.com/free5gc/free5gc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
de6bdb7a0d5963266c893cca59c86f55df348f57
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.0"
        }
    ]
}

Affected versions

v3.*
v3.0.5
v3.0.6
v3.0.7
v3.1.0
v3.1.1
v3.2.0
v3.2.1
v3.3.0
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v4.*
v4.0.0
v4.0.1
v4.1.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1976.json"