CVE-2026-1973 – Free5GC SMF establishPfcpSession null pointer dereference

CVE ID : CVE-2026-1973

Published : Feb. 6, 2026, 2:16 a.m. | 1 hour, 3 minutes ago

Description : A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. It is best practice to apply a patch to resolve this issue.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…