CVE-2026-1976

Source
https://cve.org/CVERecord?id=CVE-2026-1976
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1976.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-1976
Published
2026-02-06T03:02:11.211Z
Modified
2026-07-08T08:08:22.183117964Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Free5GC SMF SessionDeletionResponse null pointer dereference
Details

A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. It is suggested to install a patch to address this issue.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/1xxx/CVE-2026-1976.json",
    "cwe_ids": [
        "CWE-404",
        "CWE-476"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/free5gc/free5gc

Affected ranges

Type
GIT
Repo
https://github.com/free5gc/free5gc
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "4.0"
        },
        {
            "last_affected": "4.0"
        },
        {
            "introduced": "4.1.0"
        },
        {
            "last_affected": "4.1.0"
        },
        {
            "introduced": "0"
        }
    ]
}

Affected versions

4.*
4.0
4.1.0
v4.*
v4.0.0
v4.0.1
v4.1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1976.json"