Home

Description

A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.

PUBLISHED Reserved 2026-02-01 | Published 2026-02-02 | Updated 2026-02-02 | Assigner VulDB




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
MEDIUM: 5.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
5.0AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Problem types

NULL Pointer Dereference

Denial of Service

Product status

1.4.0
affected

1.4.1
affected

Timeline

2026-02-01:Advisory disclosed
2026-02-01:VulDB entry created
2026-02-01:VulDB entry last update

Credits

ZiyuLin (VulDB User) reporter

References

vuldb.com/?id.343638 (VDB-343638 | Free5GC pcf smpolicy.go HandleCreateSmPolicyRequest null pointer dereference) vdb-entry technical-description

vuldb.com/?ctiid.343638 (VDB-343638 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.741194 (Submit #741194 | free5gc PCF v4.1.0 Denial of Service) third-party-advisory

github.com/free5gc/free5gc/issues/803 issue-tracking

github.com/free5gc/pcf/pull/62 issue-tracking

github.com/free5gc/free5gc/issues/803 exploit issue-tracking

github.com/...ommit/df535f5524314620715e842baf9723efbeb481a7 patch

github.com/free5gc/pcf/ product

cve.org (CVE-2026-1739)

nvd.nist.gov (CVE-2026-1739)

Download JSON