Unrated severityOSV Advisory· Published Jan 30, 2026· Updated Feb 23, 2026
Free5GC SMF PFCP UDP Endpoint handler.go HandlePfcpAssociationReleaseRequest null pointer dereference
CVE-2026-1682
Description
A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been published and may be used. A patch should be applied to remediate this issue.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/free5gc/smf/pull/188mitreissue-trackingpatch
- github.com/free5gc/free5gc/issues/794mitreexploitissue-tracking
- vuldb.commitrethird-party-advisory
- github.com/free5gc/free5gc/issues/794mitreissue-tracking
- github.com/free5gc/free5gc/issues/794mitreissue-tracking
- vuldb.commitresignaturepermissions-required
- vuldb.commitrevdb-entrytechnical-description
News mentions
0No linked articles in our index yet.