CVE-2026-1974

medium

Description

A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. It is recommended to apply a patch to fix this issue.

References

https://vuldb.com/?id.344496

https://github.com/free5gc/free5gc/issues/816#issue-3832055233

https://vuldb.com/?submit.743237

https://vuldb.com/?ctiid.344496

https://github.com/free5gc/smf/pull/189

https://github.com/free5gc/free5gc/issues/816

https://github.com/free5gc/free5gc/

Details

Source: Mitre, NVD

Published: 2026-02-06

Updated: 2026-02-09

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00057