CVE-2026-1974: Denial of Service in Free5GC

Severity: Medium
Type: Vulnerability
Published: Fri Feb 06 2026 (02/06/2026, 02:02:10 UTC)
Source: CVE Database V5
Product: Free5GC

Description

A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. The vulnerability can be exploited remotely. The exploit is publicly available and might be used. It is recommended to apply a patch to fix this issue.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/23/2026, 22:02:29 UTC

Technical Analysis

CVE-2026-1974 identifies a denial of service vulnerability in Free5GC, an open-source 5G core network platform widely used for 5G network function virtualization and testing. The vulnerability is located in the SMF (Session Management Function) component, specifically in the ResolveNodeIdToIp function within the internal/sbi/processor/datapath.go file. This function is responsible for resolving node identifiers to IP addresses, a critical step in routing and managing 5G network sessions. Improper handling or manipulation of inputs to this function can trigger a denial of service condition, causing the SMF to crash or become unresponsive, thereby disrupting session management and potentially impacting the entire 5G core network's availability. The vulnerability can be exploited remotely over the network without the need for authentication or user interaction, increasing the attack surface. The CVSS v4.0 score of 6.9 reflects a medium severity, primarily due to the impact on availability and ease of exploitation. Although no active exploitation has been reported, a public exploit is available, which could facilitate attacks by malicious actors. Free5GC versions 4.0 and 4.1.0 are confirmed affected, and users are advised to apply patches or updates once available. This vulnerability highlights the risks associated with open-source 5G core implementations and the importance of rigorous input validation and error handling in critical telecom infrastructure components.

Potential Impact

The primary impact of CVE-2026-1974 is the disruption of 5G core network services due to denial of service in the SMF component. This can lead to session management failures, dropped connections, and degraded network performance, affecting end-user experience and potentially causing outages in 5G services. For telecom operators and enterprises relying on Free5GC for 5G core functions, this vulnerability could result in service downtime, loss of revenue, and damage to reputation. The remote and unauthenticated nature of the exploit increases the risk of widespread attacks, especially in environments where Free5GC is exposed to untrusted networks. Additionally, disruption in 5G core functions could impact critical services that depend on 5G connectivity, including IoT deployments, emergency communications, and industrial automation. While no known active exploitation is reported, the availability of a public exploit lowers the barrier for attackers to launch DoS attacks, potentially leading to targeted or opportunistic disruptions. Organizations worldwide deploying Free5GC or similar open-source 5G core solutions must consider the operational and security implications of this vulnerability.

Mitigation Recommendations

To mitigate CVE-2026-1974, organizations should promptly apply the official patches or updates released by the Free5GC maintainers addressing the ResolveNodeIdToIp function vulnerability. In the absence of an immediate patch, network administrators should implement strict network segmentation and firewall rules to restrict access to the SMF interfaces, limiting exposure to untrusted networks. Deploying intrusion detection and prevention systems (IDS/IPS) with signatures tuned to detect anomalous or malformed requests targeting the SMF can help identify and block exploitation attempts. Regularly monitoring SMF logs and system health metrics can provide early warning signs of attempted or successful DoS attacks. Additionally, organizations should conduct thorough input validation and fuzz testing on their 5G core components to identify and remediate similar vulnerabilities proactively. Employing redundancy and failover mechanisms for the SMF can reduce the impact of potential service disruptions. Finally, maintaining an up-to-date asset inventory and vulnerability management program focused on 5G infrastructure components will ensure timely detection and response to emerging threats.


Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2026-02-05T13:33:48.056Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69854eadf9fa50a62f861452

Added to database: 2/6/2026, 2:15:09 AM

Last enriched: 2/23/2026, 10:02:29 PM

Last updated: 3/23/2026, 7:57:09 AM
