CVE-2026-1739: NULL Pointer Dereference in Free5GC pcf
A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to a null pointer dereference. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying the patch is the recommended action to fix this issue.
AI Analysis
Technical Summary
CVE-2026-1739 is a vulnerability identified in the Free5GC open-source 5G core network implementation, specifically affecting the Policy Control Function (pcf) component in versions 1.4.0 and 1.4.1. The flaw exists in the HandleCreateSmPolicyRequest function within the internal/sbi/processor/smpolicy.go source file, where improper handling of input leads to a null pointer dereference. This results in the pcf process crashing, causing a denial of service (DoS) condition. The vulnerability is remotely exploitable without requiring authentication or user interaction, making it accessible to any attacker with network access to the pcf service interface. The CVSS v4.0 score is 6.9, reflecting a medium severity level due to the impact on availability and ease of exploitation. The vulnerability does not affect confidentiality or integrity directly but can disrupt 5G policy control operations, which are critical for managing network slices, QoS, and subscriber policies. The patch identified by commit df535f5524314620715e842baf9723efbeb481a7 addresses the null pointer dereference by adding proper input validation and error handling. While no active exploits have been reported in the wild, the public disclosure of the exploit code increases the risk of opportunistic attacks. Given the central role of pcf in 5G core networks, exploitation could lead to service interruptions affecting end-users and enterprise customers relying on 5G connectivity.
Potential Impact
For European organizations, especially telecom operators and service providers deploying Free5GC as part of their 5G core infrastructure, this vulnerability poses a risk of service disruption. A successful exploit can crash the pcf component, leading to denial of service in policy control functions, which manage subscriber policies, QoS, and network slicing. This disruption can degrade network performance, cause dropped connections, or prevent new sessions from being established, impacting both consumer and critical infrastructure services. Enterprises relying on 5G for IoT, industrial automation, or emergency services may experience operational interruptions. Additionally, the vulnerability could be leveraged as part of a broader attack chain to degrade network reliability or as a distraction while other attacks are conducted. The medium severity rating reflects that while the vulnerability does not allow data theft or privilege escalation, the availability impact on critical telecom infrastructure is significant. European regulators and operators must consider the potential cascading effects on dependent services and comply with network resilience requirements.
Mitigation Recommendations
The primary mitigation is to apply the official patch identified by commit df535f5524314620715e842baf9723efbeb481a7 to Free5GC pcf versions 1.4.0 and 1.4.1 immediately. Operators should verify the integrity and successful deployment of the patch in their environments. Additional mitigations include:
1) Implementing network segmentation and strict access controls to limit exposure of the pcf service interface to trusted management networks only.
2) Deploying intrusion detection/prevention systems (IDS/IPS) with signatures or anomaly detection rules to identify malformed or suspicious requests targeting the HandleCreateSmPolicyRequest function.
3) Monitoring pcf service logs and system health metrics for signs of crashes or unusual activity indicative of exploitation attempts.
4) Establishing incident response procedures to quickly isolate and recover affected components.
5) Conducting regular security assessments and penetration testing on 5G core components to identify and remediate vulnerabilities proactively.
6) Collaborating with the Free5GC community and vendors for timely updates and threat intelligence sharing.
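For the log-monitoring recommendation above, the following Go program is an added example (not code from Free5GC or from this advisory): it scans log text for the Go runtime's nil-dereference panic message and flags the panics whose stack trace names the handler or source file given in the advisory. It assumes the pcf log captures the runtime's panic output; the sample log, its paths and the 20-line trace window are constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Text the Go runtime prints for a nil pointer dereference.
const nilDeref = "invalid memory address or nil pointer dereference"
// Names from the advisory; either one in a trace points at the affected handler.
var markers = []string{"HandleCreateSmPolicyRequest", "internal/sbi/processor/smpolicy.go"}

// Finding is one nil-dereference panic in the log.
type Finding struct {
	Line    int  // 1-based line of the panic message
	Handler bool // trace names the affected handler or file
}

// ScanLog reports each nil-dereference panic and searches the next `window`
// lines (its stack trace) for the advisory's handler and file names.
func ScanLog(log string, window int) []Finding {
	var out []Finding
	left := 0 // trace lines still to inspect for the latest finding
	sc := bufio.NewScanner(strings.NewReader(log))
	for n := 1; sc.Scan(); n++ {
		if line := sc.Text(); strings.Contains(line, nilDeref) {
			out = append(out, Finding{Line: n})
			left = window
		} else if left > 0 {
			left--
			for _, m := range markers {
				if strings.Contains(line, m) {
					out[len(out)-1].Handler = true
				}
			}
		}
	}
	return out
}

// Constructed sample log; package paths, line numbers and offsets are made up.
const sampleLog = `panic: runtime error: invalid memory address or nil pointer dereference
example/pcf/internal/sbi/processor.HandleCreateSmPolicyRequest(...)
	/src/pcf/internal/sbi/processor/smpolicy.go:1 +0x0
panic: runtime error: invalid memory address or nil pointer dereference
example/app/worker.Run(...)`

func main() { fmt.Println(ScanLog(sampleLog, 20)) }
```

A finding with `Handler` set on a host still running 1.4.0 or 1.4.1 is a reason to check whether the patch commit is deployed; the other findings are unrelated nil dereferences.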
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-01T07:50:20.426Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69800820ac063202227a882f
Added to database: 2/2/2026, 2:12:48 AM
Last enriched: 2/2/2026, 2:27:29 AM
Last updated: 2/7/2026, 3:17:35 PM