Search criteria
6 vulnerabilities found for pcf by free5gc
CVE-2026-41135 (GCVE-0-2026-41135)
Vulnerability from nvd – Published: 2026-04-21 23:49 – Updated: 2026-04-22 14:19
VLAI
Title
free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service
Summary
free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a `router.Use()` call inside an HTTP handler that registers a new CORS middleware on every incoming request, permanently growing the Gin router's handler chain. This leads to progressive memory exhaustion and eventual Denial of Service of the PCF, preventing all UEs from obtaining AM and SM policies and blocking 5G session establishment. Version 1.4.3 contains a patch.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/free5gc/free5gc/security/advis… | x_refsource_CONFIRM |
| https://github.com/free5gc/pcf/commit/599803b1b2e… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41135",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T14:19:35.605073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T14:19:58.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-98cp-84m9-q3qp"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pcf",
"vendor": "free5gc",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a `router.Use()` call inside an HTTP handler that registers a new CORS middleware on every incoming request, permanently growing the Gin router\u0027s handler chain. This leads to progressive memory exhaustion and eventual Denial of Service of the PCF, preventing all UEs from obtaining AM and SM policies and blocking 5G session establishment. Version 1.4.3 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T23:49:19.659Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/free5gc/free5gc/security/advisories/GHSA-98cp-84m9-q3qp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-98cp-84m9-q3qp"
},
{
"name": "https://github.com/free5gc/pcf/commit/599803b1b2eb4611e26d5216481ee142bce71a16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/free5gc/pcf/commit/599803b1b2eb4611e26d5216481ee142bce71a16"
}
],
"source": {
"advisory": "GHSA-98cp-84m9-q3qp",
"discovery": "UNKNOWN"
},
"title": "free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41135",
"datePublished": "2026-04-21T23:49:19.659Z",
"dateReserved": "2026-04-17T12:59:15.738Z",
"dateUpdated": "2026-04-22T14:19:58.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1739 (GCVE-0-2026-1739)
Vulnerability from nvd – Published: 2026-02-02 02:02 – Updated: 2026-02-23 09:12 X_Open Source
VLAI
Title
Free5GC pcf smpolicy.go HandleCreateSmPolicyRequest null pointer dereference
Summary
A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.
Severity
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.343638 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.343638 | signaturepermissions-required |
| https://vuldb.com/?submit.741194 | third-party-advisory |
| https://github.com/free5gc/free5gc/issues/803 | issue-tracking |
| https://github.com/free5gc/pcf/pull/62 | issue-tracking |
| https://github.com/free5gc/free5gc/issues/803#iss… | exploitissue-tracking |
| https://github.com/free5gc/pcf/commit/df535f55243… | patch |
| https://github.com/free5gc/pcf/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1739",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-02T14:18:12.449884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T14:21:17.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:free5gc:pcf:*:*:*:*:*:*:*:*"
],
"product": "pcf",
"vendor": "Free5GC",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZiyuLin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:12:55.936Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-343638 | Free5GC pcf smpolicy.go HandleCreateSmPolicyRequest null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.343638"
},
{
"name": "VDB-343638 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.343638"
},
{
"name": "Submit #741194 | free5gc PCF v4.1.0 Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.741194"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/free5gc/free5gc/issues/803"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/free5gc/pcf/pull/62"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/free5gc/free5gc/issues/803#issue-3815770007"
},
{
"tags": [
"patch"
],
"url": "https://github.com/free5gc/pcf/commit/df535f5524314620715e842baf9723efbeb481a7"
},
{
"tags": [
"product"
],
"url": "https://github.com/free5gc/pcf/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-02-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-01T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-12T02:12:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "Free5GC pcf smpolicy.go HandleCreateSmPolicyRequest null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-1739",
"datePublished": "2026-02-02T02:02:10.383Z",
"dateReserved": "2026-02-01T07:50:20.426Z",
"dateUpdated": "2026-02-23T09:12:55.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66720 (GCVE-0-2025-66720)
Vulnerability from nvd – Published: 2026-01-23 00:00 – Updated: 2026-01-23 18:56
VLAI
Summary
Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-66720",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T18:54:49.296508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T18:56:02.014Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T15:29:48.300Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/free5gc/free5gc/issues/726"
},
{
"url": "https://github.com/free5gc/pcf/pull/57"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66720",
"datePublished": "2026-01-23T00:00:00.000Z",
"dateReserved": "2025-12-08T00:00:00.000Z",
"dateUpdated": "2026-01-23T18:56:02.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41135 (GCVE-0-2026-41135)
Vulnerability from cvelistv5 – Published: 2026-04-21 23:49 – Updated: 2026-04-22 14:19
VLAI
Title
free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service
Summary
free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a `router.Use()` call inside an HTTP handler that registers a new CORS middleware on every incoming request, permanently growing the Gin router's handler chain. This leads to progressive memory exhaustion and eventual Denial of Service of the PCF, preventing all UEs from obtaining AM and SM policies and blocking 5G session establishment. Version 1.4.3 contains a patch.
Severity
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/free5gc/free5gc/security/advis… | x_refsource_CONFIRM |
| https://github.com/free5gc/pcf/commit/599803b1b2e… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41135",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T14:19:35.605073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T14:19:58.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-98cp-84m9-q3qp"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pcf",
"vendor": "free5gc",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a `router.Use()` call inside an HTTP handler that registers a new CORS middleware on every incoming request, permanently growing the Gin router\u0027s handler chain. This leads to progressive memory exhaustion and eventual Denial of Service of the PCF, preventing all UEs from obtaining AM and SM policies and blocking 5G session establishment. Version 1.4.3 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T23:49:19.659Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/free5gc/free5gc/security/advisories/GHSA-98cp-84m9-q3qp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-98cp-84m9-q3qp"
},
{
"name": "https://github.com/free5gc/pcf/commit/599803b1b2eb4611e26d5216481ee142bce71a16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/free5gc/pcf/commit/599803b1b2eb4611e26d5216481ee142bce71a16"
}
],
"source": {
"advisory": "GHSA-98cp-84m9-q3qp",
"discovery": "UNKNOWN"
},
"title": "free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41135",
"datePublished": "2026-04-21T23:49:19.659Z",
"dateReserved": "2026-04-17T12:59:15.738Z",
"dateUpdated": "2026-04-22T14:19:58.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1739 (GCVE-0-2026-1739)
Vulnerability from cvelistv5 – Published: 2026-02-02 02:02 – Updated: 2026-02-23 09:12 X_Open Source
VLAI
Title
Free5GC pcf smpolicy.go HandleCreateSmPolicyRequest null pointer dereference
Summary
A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue.
Severity
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.343638 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.343638 | signaturepermissions-required |
| https://vuldb.com/?submit.741194 | third-party-advisory |
| https://github.com/free5gc/free5gc/issues/803 | issue-tracking |
| https://github.com/free5gc/pcf/pull/62 | issue-tracking |
| https://github.com/free5gc/free5gc/issues/803#iss… | exploitissue-tracking |
| https://github.com/free5gc/pcf/commit/df535f55243… | patch |
| https://github.com/free5gc/pcf/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1739",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-02T14:18:12.449884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T14:21:17.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:free5gc:pcf:*:*:*:*:*:*:*:*"
],
"product": "pcf",
"vendor": "Free5GC",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ZiyuLin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T09:12:55.936Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-343638 | Free5GC pcf smpolicy.go HandleCreateSmPolicyRequest null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.343638"
},
{
"name": "VDB-343638 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.343638"
},
{
"name": "Submit #741194 | free5gc PCF v4.1.0 Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.741194"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/free5gc/free5gc/issues/803"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/free5gc/pcf/pull/62"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/free5gc/free5gc/issues/803#issue-3815770007"
},
{
"tags": [
"patch"
],
"url": "https://github.com/free5gc/pcf/commit/df535f5524314620715e842baf9723efbeb481a7"
},
{
"tags": [
"product"
],
"url": "https://github.com/free5gc/pcf/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-02-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-01T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-12T02:12:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "Free5GC pcf smpolicy.go HandleCreateSmPolicyRequest null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-1739",
"datePublished": "2026-02-02T02:02:10.383Z",
"dateReserved": "2026-02-01T07:50:20.426Z",
"dateUpdated": "2026-02-23T09:12:55.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66720 (GCVE-0-2025-66720)
Vulnerability from cvelistv5 – Published: 2026-01-23 00:00 – Updated: 2026-01-23 18:56
VLAI
Summary
Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-66720",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T18:54:49.296508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T18:56:02.014Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T15:29:48.300Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/free5gc/free5gc/issues/726"
},
{
"url": "https://github.com/free5gc/pcf/pull/57"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66720",
"datePublished": "2026-01-23T00:00:00.000Z",
"dateReserved": "2025-12-08T00:00:00.000Z",
"dateUpdated": "2026-01-23T18:56:02.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}