Vulnerability Description
A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. It is recommended to apply a patch to fix this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Free5Gc | Free5Gc | <= 4.1.0 |
Related Weaknesses (CWE)
References
- https://github.com/free5gc/free5gc/Product
- https://github.com/free5gc/free5gc/issues/816ExploitIssue TrackingVendor Advisory
- https://github.com/free5gc/free5gc/issues/816#issue-3832055233ExploitIssue TrackingVendor Advisory
- https://github.com/free5gc/smf/pull/189Issue Tracking
- https://vuldb.com/?ctiid.344496Permissions RequiredVDB Entry
- https://vuldb.com/?id.344496Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.743237ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2026-1974?
CVE-2026-1974 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial...
How severe is CVE-2026-1974?
CVE-2026-1974 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-1974?
Check the references section above for vendor advisories and patch information. Affected products include: Free5Gc Free5Gc.