CVE-2026-1975
Published: 06 February 2026
Summary
CVE-2026-1975 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Free5Gc Free5Gc. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-1975 is a null pointer dereference vulnerability in the identityTriggerType function within the pfcp_reports.go file of Free5GC, affecting versions up to 4.1.0. Free5GC is an open-source implementation of 5G core network functions. The flaw, associated with CWE-404 ( Improper Resource Shutdown or Release) and CWE-476 (NULL Pointer Dereference), has a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating medium severity with low impact primarily on availability.
The vulnerability can be exploited remotely by unauthenticated attackers over the network with low complexity and no user interaction required. Successful exploitation triggers a null pointer dereference, resulting in a denial-of-service condition through application crashes or instability, but without impacts on confidentiality or integrity.
Mitigation involves applying patches, as advised in the vulnerability disclosure. Relevant GitHub references include free5gc/free5gc issues #814 and the associated comment #3831993593, along with a pull request in free5gc/smf #189 that addresses the issue. An exploit is publicly available, increasing the risk of real-world attacks on unpatched systems.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5603
Vulnerability details
A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the…
more
public and may be used for attacks. Applying a patch is advised to resolve this issue.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated null dereference exploit in public-facing 5G network function directly enables T1190 for initial access and T1499.004 for application-layer DoS via crafted input.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely application of patches to remediate the publicly disclosed null-pointer flaw in pfcp_reports.go before remote exploitation occurs.
Requires validation of PFCP protocol inputs to the identityTriggerType function, blocking the malformed messages that trigger the null dereference.
Mandates consistent error handling for unexpected null conditions so that a dereference results in graceful termination rather than a DoS crash.