{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T06:41:16.254","vulnerabilities":[{"cve":{"id":"CVE-2026-26024","sourceIdentifier":"security-advisories@github.com","published":"2026-02-24T01:16:15.087","lastModified":"2026-02-25T16:27:56.640","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface. No known upstream fix is available, but some workarounds are available. ACL/firewall the PFCP interface so only trusted UPF IPs can reach SMF (reduce spoofing/abuse surface); drop/inspect malformed PFCP SessionReportRequest messages at the network edge where feasible, and/or add recover() around PFCP handler dispatch to avoid whole-process termination (mitigation only)."},{"lang":"es","value":"free5GC SMF proporciona la Función de Gestión de Sesión para free5GC, un proyecto de código abierto para redes centrales móviles de quinta generación (5G). En versiones hasta la 1.4.1 inclusive, SMF entra en pánico y termina al procesar una PFCP SessionReportRequest malformada en la interfaz PFCP (UDP/8805). No hay una solución ascendente conocida disponible, pero hay algunas soluciones alternativas disponibles. Aplique ACL/cortafuegos a la interfaz PFCP para que solo las IP de UPF de confianza puedan alcanzar SMF (reducir la superficie de suplantación/abuso); descarte/inspeccione los mensajes PFCP SessionReportRequest malformados en el borde de la red donde sea factible, y/o añada recover() alrededor del despacho del gestor PFCP para evitar la terminación de todo el proceso (solo mitigación)."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:free5gc:smf:*:*:*:*:*:go:*:*","versionEndIncluding":"1.4.1","matchCriteriaId":"D77A49EF-55CF-4F12-AAA2-2383C47AB810"}]}]}],"references":[{"url":"https://github.com/free5gc/free5gc/issues/807","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-mrv4-m9wc-c4g9","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}