Session Management Function Vulnerability in free5GC by free5GC Project
CVE-2026-26025

6.6 MEDIUM

Key Information:

Vendor: Free5gc

Status
Vendor
CVE Published: 24 February 2026

What is CVE-2026-26025?

The Session Management Function (SMF) in free5GC, an open-source project for 5G mobile core networks, is susceptible to interruption caused by malformed PFCP SessionReportRequest messages. When these malformed requests are processed, the SMF can panic and terminate unexpectedly. This vulnerability affects versions up to and including 1.4.1. Although no upstream fix is currently available, several mitigation strategies are proposed. Network administrators are advised to implement ACL/firewall rules to restrict the PFCP interface, ensuring that only trusted User Plane Function (UPF) IPs can access the SMF. Additionally, dropping or inspecting malformed PFCP messages at network boundaries and wrapping PFCP handler dispatch calls with a recovery function can help prevent total process termination.
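The last mitigation, wrapping handler dispatch with a recovery function, sketched as an added Go example (not free5GC's own code). The `Message`, `Report` and `Handler` types and the function names are hypothetical, and the nil dereference is only a constructed stand-in for whatever makes the real handler panic.

```go
package main

import (
	"errors"
	"fmt"
	"log"
	"runtime/debug"
)

// Report and Message are hypothetical stand-ins for a decoded PFCP message.
type Report struct{ SEID uint64 }
type Message struct {
	Type   string
	Report *Report // nil models a malformed message with a missing field
}

// Handler is a hypothetical per-message handler signature.
type Handler func(m *Message) error

var ErrHandlerPanic = errors.New("pfcp handler panicked")

// SafeDispatch runs h and converts a panic into an error, so one bad
// message is dropped and logged instead of terminating the process.
// recover only covers this goroutine: goroutines started by h need
// their own deferred recover.
func SafeDispatch(h Handler, m *Message) (err error) {
	if h == nil || m == nil {
		return errors.New("nil handler or message")
	}
	defer func() {
		if r := recover(); r != nil {
			log.Printf("dropped %s: %v\n%s", m.Type, r, debug.Stack())
			err = fmt.Errorf("%w: %s: %v", ErrHandlerPanic, m.Type, r)
		}
	}()
	return h(m)
}

// handleSessionReport models the crash class with an unchecked dereference.
func handleSessionReport(m *Message) error {
	if m.Report.SEID == 0 { // panics when Report is nil
		return errors.New("zero SEID")
	}
	return nil
}

func main() {
	bad := &Message{Type: "SessionReportRequest"} // constructed sample input
	fmt.Println("bad:", SafeDispatch(handleSessionReport, bad))
	good := &Message{Type: "SessionReportRequest", Report: &Report{SEID: 1}}
	fmt.Println("good:", SafeDispatch(handleSessionReport, good))
}
```

The wrapper keeps the process alive but does not repair the handler, so each recovered panic should be logged and alerted on, and the ACL restriction on the PFCP interface remains the primary control.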

Affected Version(s)

smf <= 1.4.1

CVSS V4

Score: 6.6
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
