Home

Description

A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. To fix this issue, it is recommended to deploy a patch.

PUBLISHED Reserved 2026-01-30 | Published 2026-01-30 | Updated 2026-01-30 | Assigner VulDB




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
MEDIUM: 5.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
5.0AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Problem types

Denial of Service

Product status

4.0
affected

4.1.0
affected

Timeline

2026-01-30:Advisory disclosed
2026-01-30:VulDB entry created
2026-01-30:VulDB entry last update

Credits

ZiyuLin (VulDB User) reporter

References

vuldb.com/?id.343476 (VDB-343476 | Free5GC SMF PFCP handler.go HandlePfcpSessionReportRequest denial of service) vdb-entry technical-description

vuldb.com/?ctiid.343476 (VDB-343476 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.739653 (Submit #739653 | free5gc SMF v4.1.0 Denial of Service) third-party-advisory

vuldb.com/?submit.739654 (Submit #739654 | free5gc SMF v4.1.0 Denial of Service (Duplicate)) third-party-advisory

github.com/free5gc/free5gc/issues/804 issue-tracking

github.com/free5gc/free5gc/issues/804 exploit issue-tracking

github.com/free5gc/smf/pull/188 issue-tracking patch

cve.org (CVE-2026-1683)

nvd.nist.gov (CVE-2026-1683)

Download JSON