Description
A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Applying a patch is advised to resolve this issue.
Published: 2026-02-06
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via null pointer dereference
Action: Patch
AI Analysis

Impact

A flaw in Free5GC’s pfcp_reports.go function identityTriggerType can lead to a null pointer dereference. The resulting crash disrupts the PFCP processing component, potentially causing a loss of service availability. The vulnerability is exploitable remotely, and publicly disclosed exploits may trigger the crash for an attacker. The impact is primarily disruptive.

Affected Systems

The vulnerability affects all Free5GC releases up to and including version 4.1.0. Administrators running these versions should review their deployment versions and plan an upgrade.

Risk and Exploitability

The flaw carries a CVSS score of 6.9, indicating moderate severity. The EPSS score is below 1%, implying a low exploitation probability at this time. The vulnerability is not listed in the CISA KEV catalog. It can be triggered over the network by a remote attacker, suggesting that exposed PFCP endpoints may be targeted. Due to the low exploitation probability, the immediate risk is moderate, but the potential service disruption warrants prompt remediation.

Generated by OpenCVE AI on April 18, 2026 at 18:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Free5GC to the latest release that includes the patch for the identityTriggerType null pointer dereference (see pull request 189).
  • If an immediate upgrade is not possible, isolate or block PFCP traffic that triggers the identityTriggerType function to mitigate crash risk until a patch is applied.
  • Monitor system logs for PFCP crash events.

Generated by OpenCVE AI on April 18, 2026 at 18:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 09 Feb 2026 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*

Fri, 06 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Free5gc
Free5gc free5gc
Vendors & Products Free5gc
Free5gc free5gc

Fri, 06 Feb 2026 03:15:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Applying a patch is advised to resolve this issue.
Title Free5GC pfcp_reports.go identityTriggerType null pointer dereference
Weaknesses CWE-404
CWE-476
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Free5gc Free5gc
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:20:12.642Z

Reserved: 2026-02-05T13:33:51.369Z

Link: CVE-2026-1975

cve-icon Vulnrichment

Updated: 2026-02-06T19:33:31.040Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-06T03:15:49.313

Modified: 2026-02-09T15:15:28.157

Link: CVE-2026-1975

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:30:07Z

Weaknesses