Free5GC SMF PFCP handler.go HandlePfcpSessionReportRequest denial of service_CVE-2026-1683

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. To fix this issue, it is recommended to deploy a patch.

Basic Information

ID CVE-2026-1683

Source VulDB

Published Jan 30, 2026 at 14:02

Affected Product

Vendor Free5GC

Product SMF

Version 4.0

Affected Versions Free5GC SMF 4.0
Free5GC SMF 4.1.0

CWE Classification

CWE-404

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. To fix this issue, it is recommended to deploy a patch.",
    "published": "2026-01-30T14:02:09.654Z",
    "modified": "2026-01-30T14:02:09.654Z",
    "type": "cve",
    "title": "Free5GC SMF PFCP handler.go HandlePfcpSessionReportRequest denial of service",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.343476\nhttps://vuldb.com/?ctiid.343476\nhttps://vuldb.com/?submit.739653\nhttps://vuldb.com/?submit.739654\nhttps://github.com/free5gc/free5gc/issues/804\nhttps://github.com/free5gc/free5gc/issues/804#issue-3816086696\nhttps://github.com/free5gc/smf/pull/188",
    "id": "CVE-2026-1683",
    "bulletinFamily": "",
    "cwe": [
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "Free5GC SMF 4.0\nFree5GC SMF 4.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SMF",
    "version": "4.0",
    "vendor": "Free5GC",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}