CVE-2026-1975: NULL Pointer Dereference in Free5GC
A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Applying a patch is advised to resolve this issue.
AI Analysis
Technical Summary
CVE-2026-1975 is a security vulnerability identified in Free5GC, an open-source 5G core network implementation, affecting versions 4.0 and 4.1.0. The flaw resides in the identityTriggerType function within the pfcp_reports.go source file, where improper handling leads to a null pointer dereference. This condition occurs when the function attempts to access or manipulate data via a pointer that has not been properly initialized or validated, causing the program to crash or behave unpredictably. The vulnerability can be triggered remotely without requiring any authentication or user interaction, making it accessible to unauthenticated attackers over the network. Exploiting this flaw can result in denial of service (DoS) by crashing the affected Free5GC component, potentially disrupting 5G core network operations that rely on this software. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and low impact on availability (VA:L), culminating in a base score of 6.9, categorized as medium severity. Although no active exploitation has been reported in the wild, a public exploit has been released, increasing the risk of future attacks. Free5GC is widely used in research, testing, and some production 5G networks, making this vulnerability relevant to operators and organizations deploying 5G infrastructure. The lack of authentication and user interaction requirements lowers the barrier for attackers to cause service interruptions. The vulnerability does not appear to impact confidentiality or integrity directly but can degrade network availability and reliability. Given the critical role of 5G core networks in telecommunications, even a medium severity DoS can have significant operational consequences.
Potential Impact
The primary impact of CVE-2026-1975 is denial of service against Free5GC-based 5G core network components. Successful exploitation can cause the affected process to crash due to null pointer dereference, leading to service interruptions. This can degrade network availability, affecting subscribers' connectivity and potentially disrupting critical communications services. Organizations relying on Free5GC for 5G core functions may experience outages or degraded performance, impacting customer experience and operational continuity. While the vulnerability does not directly compromise data confidentiality or integrity, the resulting service disruption can have cascading effects on dependent systems and services. In environments where Free5GC is integrated into production networks, this could affect mobile network operators, enterprises deploying private 5G networks, and critical infrastructure sectors relying on 5G connectivity. The ease of remote exploitation without authentication increases the risk of opportunistic attacks, especially if the vulnerable service is exposed to untrusted networks. The public availability of an exploit further elevates the threat, potentially leading to automated attacks or widespread scanning for vulnerable instances.
Mitigation Recommendations
1. Apply official patches or updates from the Free5GC project as soon as they become available to address the null pointer dereference vulnerability.
2. If patches are not immediately available, implement network segmentation and firewall rules to restrict access to Free5GC management and control interfaces, limiting exposure to trusted internal networks only.
3. Deploy intrusion detection and prevention systems (IDS/IPS) with signatures or heuristics capable of detecting anomalous PFCP messages or malformed packets targeting the identityTriggerType function.
4. Monitor Free5GC logs and system metrics for signs of crashes or abnormal behavior indicative of exploitation attempts.
5. Conduct regular security assessments and penetration testing focused on 5G core components to identify and remediate similar vulnerabilities proactively.
6. Employ redundancy and failover mechanisms in 5G core network architecture to minimize service disruption in case of component failure.
7. Educate network operations teams about this vulnerability and ensure incident response plans include procedures for handling potential DoS attacks against 5G core infrastructure.
8. Limit exposure of Free5GC services to the public internet unless absolutely necessary, and use VPNs or secure tunnels for remote access.
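For the log monitoring in item 4, an added example (not Free5GC code and not part of the original advisory): a Go triage function that finds nil-pointer-dereference panics in a log and flags those whose panicking stack names the function and file from this advisory. It assumes the process writes the standard Go runtime panic trace to the log being scanned; the sample log is constructed, and its package paths, addresses and line numbers are placeholders.

```go
package main

import (
	"fmt"
	"strings"
)

// Message the Go runtime prints for a nil pointer dereference.
const nilDeref = "invalid memory address or nil pointer dereference"

// Constructed sample log: package paths, addresses and line numbers are placeholders.
const sampleLog = `panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x0]

goroutine 12 [running]:
example.invalid/pfcp.identityTriggerType(...)
	/placeholder/pfcp_reports.go:0 +0x0

panic: runtime error: invalid memory address or nil pointer dereference

goroutine 1 [running]:
example.invalid/other.load(...)
	/placeholder/config.go:0 +0x0`

// Finding is one nil-dereference panic found in the log.
type Finding struct {
	Line    int  // 1-based line of the panic message
	Matches bool // panicking goroutine's stack names both fn and file
}

// Triage finds nil-dereference panics and checks the first goroutine printed
// (the one that panicked) for a frame in fn and a source line in file.
func Triage(log, fn, file string) []Finding {
	var out []Finding
	chunks := strings.Split(log, nilDeref)
	line := 1
	for i, c := range chunks[1:] {
		line += strings.Count(chunks[i], "\n") // newlines before this panic message
		_, stack, _ := strings.Cut(c, "\ngoroutine ")
		stack, _, _ = strings.Cut(stack, "\n\n") // a blank line ends the first goroutine
		hit := strings.Contains(stack, "."+fn+"(") && strings.Contains(stack, "/"+file+":")
		out = append(out, Finding{Line: line, Matches: hit})
	}
	return out
}

func main() {
	fmt.Println(Triage(sampleLog, "identityTriggerType", "pfcp_reports.go"))
}
```

A panic that does not match is still a crash worth investigating; the match only separates crashes consistent with this advisory from unrelated ones.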
Affected Countries
United States, China, South Korea, Japan, Germany, India, France, United Kingdom, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-05T13:33:51.369Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69855cbcf9fa50a62fab62b3
Added to database: 2/6/2026, 3:15:08 AM
Last enriched: 2/23/2026, 10:02:46 PM
Last updated: 3/21/2026, 1:31:25 PM