{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1684", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-30T07:35:57.699Z", "datePublished": "2026-01-30T14:32:07.043Z", "dateUpdated": "2026-02-23T09:08:43.099Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:08:43.099Z"}, "title": "Free5GC SMF PFCP UDP Endpoint pfcp_reports.go HandleReports denial of service", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "Free5GC", "product": "SMF", "versions": [{"version": "4.0", "status": "affected"}, {"version": "4.1.0", "status": "affected"}], "modules": ["PFCP UDP Endpoint"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcp_reports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. The attack can be executed remotely. It is advisable to implement a patch to correct this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"}}], "timeline": [{"time": "2026-01-30T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-30T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-17T20:46:42.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "ZiyuLin (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.343477", "name": "VDB-343477 | Free5GC SMF PFCP UDP Endpoint pfcp_reports.go HandleReports denial of service", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.343477", "name": "VDB-343477 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.739655", "name": "Submit #739655 | free5gc SMF v4.1.0 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.739656", "name": "Submit #739656 | free5gc SMF v4.1.0 Denial of Service (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/free5gc/free5gc/issues/806", "tags": ["issue-tracking"]}, {"url": "https://github.com/free5gc/smf/pull/188", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/free5gc/smf/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-30T14:58:58.156617Z", "id": "CVE-2026-1684", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-30T14:59:58.236Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1684", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-30T14:58:58.156617Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-30T14:59:21.557Z"}}], "cna": {"title": "Free5GC SMF PFCP UDP Endpoint pfcp_reports.go HandleReports denial of service", "credits": [{"lang": "en", "type": "reporter", "value": "ZiyuLin (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"}}], "affected": [{"vendor": "Free5GC", "modules": ["PFCP UDP Endpoint"], "product": "SMF", "versions": [{"status": "affected", "version": "4.0"}, {"status": "affected", "version": "4.1.0"}]}], "timeline": [{"lang": "en", "time": "2026-01-30T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-01-30T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-17T20:46:42.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.343477", "name": "VDB-343477 | Free5GC SMF PFCP UDP Endpoint pfcp_reports.go HandleReports denial of service", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.343477", "name": "VDB-343477 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.739655", "name": "Submit #739655 | free5gc SMF v4.1.0 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.739656", "name": "Submit #739656 | free5gc SMF v4.1.0 Denial of Service (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/free5gc/free5gc/issues/806", "tags": ["issue-tracking"]}, {"url": "https://github.com/free5gc/smf/pull/188", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/free5gc/smf/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcp_reports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. The attack can be executed remotely. It is advisable to implement a patch to correct this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:08:43.099Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1684", "state": "PUBLISHED", "dateUpdated": "2026-02-23T09:08:43.099Z", "dateReserved": "2026-01-30T07:35:57.699Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-01-30T14:32:07.043Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF0DB381-157B-4D05-B3D3-A2419F1D0E05", "versionEndIncluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcp_reports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. The attack can be executed remotely. It is advisable to implement a patch to correct this issue."}], "id": "CVE-2026-1684", "lastModified": "2026-02-23T10:16:18.970", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-30T15:16:08.790", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/free5gc/free5gc/issues/806"}, {"source": "cna@vuldb.com", "url": "https://github.com/free5gc/smf/"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/free5gc/smf/pull/188"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.343477"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.343477"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.739655"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.739656"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T01:08:37.476267+00:00", "value": {"mitigation_remediation": ["Apply the patch provided in Free5GC\u2019s GitHub pull request\u00a0188 or upgrade to Free5GC SMF version 4.1.1 or later.", "If an immediate patch is unavailable, limit PFCP UDP traffic to known SMF peers using a firewall or bind the SMF process to a trusted interface.", "Monitor SMF logs for repeated PFCP report failures and schedule a graceful reboot or restart of the SMF service if crashes persist."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "This flaw affects Free5GC SMF versions up to 4.1.0. The issue is confined to the Free5GC SMF component, which implements the PFCP protocol over UDP. Administrators should verify that their deployed SMF does not run a version earlier than 4.1.1 and that the build is sourced from the official Free5GC repository.", "description_and_impact": "The vulnerability resides in the HandleReports function within the PFCP UDP Endpoint of Free5GC SMF. A malformed PFCP report, when processed, can cause the SMF to crash or become unresponsive, resulting in a denial of service. The weakness is a faulty handling of PFCP messages and is classified as CWE-404. Consequently, an attacker can interrupt normal SMF operations and deny service to users relying on the network.", "risk_and_exploitability": "The CVSS v3 score of 6.9 indicates a medium severity that can affect availability. Although the EPSS score is below 1\u00a0%, suggesting a low overall exploitation probability, the vulnerability is remotely exploitable via crafted PFCP UDP packets, removing the need for local access or privileged credentials. The flaw is not listed in CISA\u2019s KEV catalog, implying no widespread known exploits at present. Nevertheless, the remote nature and potential for service disruption warrant immediate attention, especially in production 5G core networks that rely on Free5GC SMF."}}}}, "created": "2026-02-02T09:27:29.509387+00:00", "updated": "2026-04-18T01:15:05.989663+00:00", "vendors": ["free5gc", "free5gc$PRODUCT$smf"]}