Vulnerability Description
free5GC SMF provides the Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface. No known upstream fix is available, but workarounds exist: restrict the PFCP interface with ACLs or firewall rules so that only trusted UPF IPs can reach SMF (reducing the spoofing/abuse surface); drop or inspect malformed PFCP SessionReportRequest messages at the network edge where feasible; and/or add recover() around PFCP handler dispatch to avoid whole-process termination (mitigation only).
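The recover() workaround described above, sketched as an added example (this is not free5GC code). The Handler type, SafeDispatch, ProcessAll and fragileHandler are hypothetical names, and fragileHandler is a constructed stand-in that panics on short input rather than a reproduction of the actual defect.

```go
package main

import (
	"fmt"
	"log"
)

// Handler is a hypothetical signature for a per-message PFCP handler.
type Handler func(payload []byte) error

// SafeDispatch calls h and converts a panic into an error, so one bad
// message cannot take down the goroutine (and with it the process).
func SafeDispatch(name string, h Handler, payload []byte) (err error) {
	defer func() {
		if r := recover(); r != nil {
			log.Printf("pfcp: panic in %s handler recovered: %v", name, r)
			err = fmt.Errorf("%s handler panicked: %v", name, r)
		}
	}()
	return h(payload)
}

// fragileHandler is a constructed stand-in that panics on short input.
// It does not reproduce the actual free5GC defect.
func fragileHandler(payload []byte) error {
	_ = payload[3] // index out of range when len(payload) < 4
	return nil
}

// ProcessAll dispatches each message and reports how many were handled
// and how many were dropped after a recovered panic or handler error.
func ProcessAll(msgs [][]byte) (handled, dropped int) {
	for _, m := range msgs {
		if err := SafeDispatch("SessionReportRequest", fragileHandler, m); err != nil {
			dropped++
			continue
		}
		handled++
	}
	return handled, dropped
}

func main() {
	// Constructed sample inputs: two well-formed stand-ins around a short one.
	msgs := [][]byte{{1, 2, 3, 4}, {1}, {5, 6, 7, 8}}
	h, d := ProcessAll(msgs)
	fmt.Printf("handled=%d dropped=%d\n", h, d)
}
```

recover() only catches panics raised on the goroutine where the deferred function runs, so any goroutine a handler spawns needs its own wrapper.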
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| free5GC | SMF | <= 1.4.1 |
Related Weaknesses (CWE)
References
- https://github.com/free5gc/free5gc/issues/807 (Exploit, Issue Tracking)
- https://github.com/free5gc/free5gc/security/advisories/GHSA-mrv4-m9wc-c4g9 (Vendor Advisory)
FAQ
What is CVE-2026-26024?
CVE-2026-26024 is a vulnerability with a CVSS score of 7.5 (HIGH). free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when...
How severe is CVE-2026-26024?
CVE-2026-26024 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-26024?
Check the references section above for vendor advisories and patch information. Affected products include: free5GC SMF.