CVE-2026-1739

EUVD-2026-5125

02.02.2026, 02:16

A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
VulDB	CNA	5.3 MEDIUM				CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 8%

Affected Products (NVD)

Vendor	Product	Version
free5gc	pcf	𝑥 ≤ 1.4.1

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

References

https://github.com/free5gc/free5gc/issues/803

https://github.com/free5gc/free5gc/issues/803#issue-3815770007

https://github.com/free5gc/pcf/

https://github.com/free5gc/pcf/commit/df535f5524314620715e842baf9723efbeb481a7

https://github.com/free5gc/pcf/pull/62

https://vuldb.com/?ctiid.343638

https://vuldb.com/?id.343638

https://vuldb.com/?submit.741194