CVE-2026-1739 is a vulnerability discovered in the Free5GC open-source 5G core network implementation, specifically affecting the Policy Control Function (pcf) component up to version 1.4.1. The issue is located in the HandleCreateSmPolicyRequest function within the internal/sbi/processor/smpolicy.go source file. The vulnerability manifests as a null pointer dereference triggered by crafted requests to the pcf, which leads to a crash of the pcf service. Since the pcf is responsible for policy control decisions in 5G networks, its unavailability can disrupt network operations. The vulnerability can be exploited remotely without requiring any authentication or user interaction, increasing the risk of denial-of-service attacks against affected deployments. The CVSS v4.0 base score is 6.9, reflecting medium severity, with an attack vector of network and low complexity. The vulnerability does not impact confidentiality, integrity, or availability beyond causing service disruption (denial of service). A patch has been released and identified by commit df535f5524314620715e842baf9723efbeb481a7, which fixes the null pointer dereference by adding proper input validation and error handling in the affected function. No public exploits are currently known to be in the wild, but the vulnerability has been publicly disclosed, which may increase the risk of exploitation attempts.

The primary impact of CVE-2026-1739 is denial of service against the Free5GC pcf component, which can cause interruption of policy control functions in 5G core networks. This disruption can degrade or halt network services that rely on dynamic policy enforcement, affecting subscriber experience and potentially causing outages in mobile network operator environments. Since the pcf is a critical network function, its failure can impact network availability and operational stability. However, the vulnerability does not allow for privilege escalation, data leakage, or unauthorized access, limiting the impact to availability. Organizations deploying Free5GC in production 5G networks, especially those using versions 1.4.0 and 1.4.1, are at risk of service disruption if this vulnerability is exploited. The remote and unauthenticated nature of the exploit increases the attack surface, making it a concern for operators exposing pcf interfaces to untrusted networks.

To mitigate CVE-2026-1739, organizations should immediately apply the official patch identified by commit df535f5524314620715e842baf9723efbeb481a7 to update Free5GC pcf to a fixed version. In addition to patching, network operators should implement strict network segmentation and firewall rules to restrict access to the pcf interfaces, allowing only trusted management and network elements to communicate with it. Monitoring and logging of pcf service health and anomalous requests can help detect potential exploitation attempts early. Employing rate limiting on pcf API endpoints may reduce the risk of denial-of-service attacks exploiting this vulnerability. Regularly updating Free5GC components and subscribing to security advisories will ensure timely awareness of new vulnerabilities and patches. Finally, conducting security testing and validation of 5G core network components before deployment can help identify similar issues proactively.