6.6
free5GC SMF Crashes When Processing Malformed Network Message
CVE-2026-26024
Summary
A NULL pointer dereference in free5GC SMF causes the process to panic and terminate when it receives a malformed PFCP SessionReportRequest on the PFCP interface (UDP/8805). Malicious actors can exploit this to disrupt network services. To mitigate this, restrict the PFCP interface so that only trusted UPF IP addresses can reach the SMF, or inspect network traffic and drop malformed messages before they reach it.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| free5gc | smf | <= 1.4.1 | – |
Original description
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface. No known upstream fix is available, but some workarounds are available. ACL/firewall the PFCP interface so only trusted UPF IPs can reach SMF (reduce spoofing/abuse surface); drop/inspect malformed PFCP SessionReportRequest messages at the network edge where feasible, and/or add recover() around PFCP handler dispatch to avoid whole-process termination (mitigation only).
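The recover() workaround named in the description, sketched as an added example (this is not free5GC code): a dispatcher wraps each handler call so that a nil dereference becomes a logged error instead of ending the process. `Message`, `Report`, `handleSessionReport` and `SafeDispatch` are hypothetical names, and the unchecked field is an assumption standing in for the CWE-476 bug class, not the actual defect.

```go
package main

import (
	"errors"
	"fmt"
	"log"
)

// Message is a hypothetical stand-in for a decoded PFCP message.
type Message struct {
	Type   string
	Report *Report // optional element; nil when the peer omits it
}

// Report is a hypothetical payload carried by a session report.
type Report struct{ SEID uint64 }

// Handler processes one decoded message.
type Handler func(*Message) error

// handleSessionReport models the bug class (CWE-476): it reads an
// optional field without checking it for nil first.
func handleSessionReport(m *Message) error {
	if m.Report.SEID == 0 { // panics when Report is nil
		return errors.New("zero SEID")
	}
	return nil
}

// SafeDispatch runs h and turns a panic into an error, so one bad
// message is dropped instead of terminating the whole process.
func SafeDispatch(h Handler, m *Message) (err error) {
	if m == nil {
		return errors.New("nil message")
	}
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("handler panic on %s: %v", m.Type, r)
			log.Printf("dropped message: %v", err)
		}
	}()
	return h(m)
}

func main() {
	good := &Message{Type: "SessionReportRequest", Report: &Report{SEID: 7}}
	bad := &Message{Type: "SessionReportRequest"} // constructed: element missing
	fmt.Println(SafeDispatch(handleSessionReport, good))
	fmt.Println(SafeDispatch(handleSessionReport, bad))
	fmt.Println(SafeDispatch(handleSessionReport, good)) // still serving
}
```

A deferred recover() only catches panics raised in the same goroutine, so any goroutine a handler starts needs its own wrapper. The panic is contained but the missing nil check remains, which is why the description calls this a mitigation only.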
NVD CVSS 3.1: 7.5
NVD CVSS 4.0: 6.6
Vulnerability type
CWE-476: NULL Pointer Dereference
- https://github.com/free5gc/free5gc/issues/807 (Exploit, Issue Tracking)
- https://github.com/free5gc/free5gc/security/advisories/GHSA-mrv4-m9wc-c4g9 (Vendor Advisory)
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026