CVE-2026-1973 is a vulnerability identified in Free5GC, an open-source 5G core network implementation widely used for research and some commercial deployments. The flaw resides in the SMF (Session Management Function) component, specifically within the establishPfcpSession function. This function is responsible for establishing PFCP (Packet Forwarding Control Protocol) sessions, which are critical for managing user plane traffic in 5G networks. The vulnerability is a null pointer dereference, which occurs when the function attempts to access or manipulate memory through a pointer that has not been properly initialized or has been set to null. This can cause the affected process to crash or behave unpredictably, resulting in a denial of service (DoS) condition. The vulnerability can be triggered remotely without any authentication or user interaction, making it accessible to unauthenticated attackers over the network. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, and low impact on confidentiality and integrity but low availability impact, consistent with a DoS scenario. Although no exploits are currently reported in the wild, the public disclosure increases the risk of exploitation attempts. The affected versions are Free5GC 4.0 and 4.1.0, and the issue has been fixed in later releases, though no direct patch links are provided in the source data.

For European organizations, particularly telecom operators and infrastructure providers deploying Free5GC as part of their 5G core networks, this vulnerability poses a risk of service disruption. A successful exploitation could cause the SMF component to crash, leading to interruption of session management functions and degradation or outage of 5G user plane traffic. This can impact end-user connectivity, degrade quality of service, and potentially affect critical services relying on 5G networks. Given the increasing reliance on 5G for industrial automation, smart cities, and emergency services in Europe, such disruptions could have broader socioeconomic consequences. Although the vulnerability does not directly compromise data confidentiality or integrity, the availability impact alone is significant for network operators. The risk is heightened in countries with advanced 5G rollouts and where Free5GC or similar open-source 5G core solutions are in use.

European organizations should prioritize upgrading Free5GC to versions beyond 4.1.0 where this vulnerability is resolved. In the absence of immediate patches, network operators should implement network-level protections such as filtering and rate limiting PFCP traffic to the SMF component to reduce exposure. Deploying intrusion detection systems (IDS) tuned to detect anomalous PFCP session establishment attempts can help identify exploitation attempts early. Network segmentation and strict access controls should be enforced to limit exposure of the SMF to untrusted networks. Regular monitoring of system logs and crash reports can aid in early detection of exploitation attempts. Additionally, organizations should engage with Free5GC community and vendors for timely updates and security advisories. Testing updates in controlled environments before production deployment is recommended to ensure stability.