PT-2026-21590 · Free5Gc · Free5Gc Smf

Linziyuu · Published 2026-02-24 · Updated 2026-03-01 · CVE-2026-26024

CVSS v3.1: 7.5 High (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Name of the Vulnerable Software and Affected Versions

free5GC SMF versions up to and including 1.4.1

Description

free5GC SMF provides the Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. The SMF component panics and terminates when it processes a malformed PFCP SessionReportRequest received on the PFCP interface (UDP/8805). No upstream fix is currently available. Mitigation strategies include applying Access Control Lists (ACLs) or a firewall to the PFCP interface to restrict access to trusted UPF IPs, dropping or inspecting malformed PFCP SessionReportRequest messages at the network edge, or adding a recover function around the PFCP handler dispatch to prevent complete process termination.

Recommendations

For free5GC SMF versions up to and including 1.4.1:

Apply ACL/firewall rules to the PFCP interface (UDP/8805) to allow only trusted UPF IPs to connect.
Drop or inspect malformed PFCP SessionReportRequest messages at the network edge.
Add a recover function around the PFCP handler dispatch to prevent process termination.
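
The third recommendation, sketched in Go as an added example (not free5GC's own code): a deferred recover in the dispatch path turns a handler panic into a per-message error so later messages are still served. The types, the handler and the missing-field trigger are hypothetical stand-ins; the page does not say which part of the message causes the panic.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for this example; not free5GC's real types.
type usageReport struct{ SeqN uint32 }

type sessionReport struct {
	SEID   uint64
	Report *usageReport // nil when the field is absent from the message
}

var errHandlerPanic = errors.New("pfcp handler panicked")
var lastSeq uint32 // last sequence number the handler accepted

// handleSessionReport models a handler that assumes an optional field is
// present (assumed trigger, chosen only to reproduce a nil dereference).
func handleSessionReport(m *sessionReport) error {
	lastSeq = m.Report.SeqN // panics when Report is nil
	return nil
}

// safeDispatch runs the handler and converts a panic into an error. The
// deferred recover must be in the same goroutine that runs the handler.
func safeDispatch(h func(*sessionReport) error, m *sessionReport) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("%w: %v", errHandlerPanic, r)
		}
	}()
	return h(m)
}

func main() {
	msgs := []*sessionReport{ // constructed sample messages
		{SEID: 1, Report: &usageReport{SeqN: 7}}, // well-formed
		{SEID: 2}, // malformed: field missing
		{SEID: 3, Report: &usageReport{SeqN: 8}}, // served after the bad one
	}
	for _, m := range msgs {
		if err := safeDispatch(handleSessionReport, m); err != nil {
			fmt.Printf("dropped seid %d: %v\n", m.SEID, err)
			continue
		}
		fmt.Println("handled seid", m.SEID)
	}
}
```

A recover only catches panics raised in the goroutine where it is deferred, so the wrapper has to sit inside whichever goroutine actually runs the handler. It limits the impact of one bad message and does not replace the ACL on UDP/8805.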

Exploit

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2026-26024
GHSA-MRV4-M9WC-C4G9

Affected Products

Free5Gc Smf