CVE-2026-1683
CVE-2026-1683 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. It affects Free5GC SMF up to 4.1.0, in the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the PFCP component. EPSS estimates a 0.64% chance of exploitation in the next 30 days.
Description
A vulnerability has been found in Free5GC SMF up to 4.1.0. It affects the function HandlePfcpSessionReportRequest in the file internal/pfcp/handler/handler.go of the PFCP component. Manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Deploying a patch is recommended to fix this issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Free5gc | Free5gc | <= 4.1.0 |
References
- https://github.com/free5gc/free5gc/issues/804 (Exploit, Issue Tracking)
- https://github.com/free5gc/free5gc/issues/804#issue-3816086696 (Exploit, Issue Tracking, Vendor Advisory)
- https://github.com/free5gc/smf/pull/188 (Issue Tracking)
- https://vuldb.com/?ctiid.343476 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.343476 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.739653 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.739654 (Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
