
CVE-2026-26024: CWE-476: NULL Pointer Dereference in free5gc smf

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2026-26024, cwe-476
Published: Tue Feb 24 2026 (02/24/2026, 00:12:05 UTC)
Source: CVE Database V5
Vendor/Project: free5gc
Product: smf

Description

CVE-2026-26024 is a medium severity vulnerability in free5GC's Session Management Function (SMF) component, affecting versions up to 1.4.1. The flaw is a NULL pointer dereference triggered by processing malformed PFCP SessionReportRequest messages on the PFCP UDP/8805 interface, causing the SMF process to panic and terminate. This results in a denial of service condition, disrupting 5G core network session management. No official upstream patch is currently available. Mitigations include restricting PFCP interface access to trusted User Plane Function (UPF) IPs via ACLs or firewalls, filtering malformed PFCP messages at the network edge, and implementing application-level recovery mechanisms to prevent process crashes. The vulnerability requires no authentication or user interaction and can be exploited remotely over the network. Organizations deploying free5GC SMF in 5G core networks should prioritize network-level protections and consider code-level hardening to maintain service availability.

AI-Powered Analysis

Last updated: 02/24/2026, 01:03:29 UTC

Technical Analysis

CVE-2026-26024 identifies a NULL pointer dereference vulnerability (CWE-476) in the Session Management Function (SMF) of free5GC, an open-source 5G core network project. The SMF component handles session management and communicates with User Plane Functions (UPFs) using the Packet Forwarding Control Protocol (PFCP) over UDP port 8805. In versions up to and including 1.4.1, the SMF improperly processes malformed PFCP SessionReportRequest messages, leading to a NULL pointer dereference that causes the SMF process to panic and terminate unexpectedly. This denial of service (DoS) disrupts the 5G core network's ability to manage sessions, potentially impacting subscriber connectivity and service continuity. The vulnerability is remotely exploitable without authentication or user interaction, increasing its risk profile. No official patch or fix has been released upstream, but mitigations include network-level access control lists (ACLs) or firewalls to restrict PFCP interface access to trusted UPF IP addresses, filtering or dropping malformed PFCP messages at the network perimeter, and adding application-level recovery code (e.g., recover() calls) around PFCP handler dispatch to prevent full process termination. The CVSS 4.0 base score is 6.6 (medium severity), reflecting the vulnerability's network attack vector, lack of required privileges, and high impact on availability. While confidentiality and integrity are unaffected, the availability impact on critical 5G core infrastructure is significant. This vulnerability highlights the importance of robust input validation and fault tolerance in telecom core network components.

Potential Impact

The primary impact of CVE-2026-26024 is a denial of service condition in the 5G core network's Session Management Function, which is critical for maintaining subscriber sessions and mobility management. An attacker can remotely send malformed PFCP SessionReportRequest messages to cause the SMF to crash, disrupting session management and potentially causing service outages or degraded network performance. This can affect mobile network operators relying on free5GC for their 5G core infrastructure, leading to subscriber connectivity issues, dropped calls, interrupted data sessions, and overall reduced network reliability. The disruption could also impact emergency services and critical communications that depend on 5G networks. Since the vulnerability requires no authentication and can be exploited remotely, it increases the attack surface for adversaries, including nation-state actors or cybercriminals targeting telecom infrastructure. The lack of an official patch means organizations must rely on mitigations to reduce risk. The availability impact is high, while confidentiality and integrity remain unaffected. The vulnerability could also be leveraged as part of a larger attack chain to degrade network operations or distract defenders.

Mitigation Recommendations

To mitigate CVE-2026-26024 effectively, organizations should implement the following specific measures:

1) Deploy strict Access Control Lists (ACLs) or firewall rules on the PFCP interface (UDP port 8805) to restrict traffic only to trusted User Plane Function (UPF) IP addresses, minimizing exposure to spoofed or malicious packets.
2) Implement deep packet inspection or protocol-aware filtering at the network edge to detect and drop malformed PFCP SessionReportRequest messages before they reach the SMF, reducing the risk of triggering the NULL pointer dereference.
3) Modify the SMF application code to add robust error handling and recovery mechanisms (e.g., recover() calls in Go) around PFCP message processing to prevent the entire process from terminating upon encountering malformed input.
4) Monitor SMF process health and implement automated restart mechanisms to quickly recover from crashes, minimizing service disruption.
5) Maintain network segmentation and isolate the PFCP interface from untrusted networks to reduce attack surface.
6) Stay informed about updates from the free5GC project and apply patches promptly once available.
7) Conduct regular security testing, including fuzzing of PFCP message handling, to identify and remediate similar vulnerabilities proactively.

These targeted mitigations go beyond generic advice by focusing on protocol-specific filtering, network-level access restrictions, and application-level fault tolerance.
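As an added illustration of mitigation 3 combined with the peer restriction in mitigation 1 (this is not free5GC code and not an upstream fix), the Go example below wraps a PFCP handler in a dispatcher that rejects unknown source addresses and converts a nil-dereference panic into an error. The types, handler names and addresses are hypothetical or constructed; the page does not state which field is nil in the real SMF code.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// Hypothetical stand-ins, not free5GC's types; Report is nil when absent from the packet.
type Report struct{ DownlinkData bool }
type SessionReportRequest struct{ Report *Report }

var ErrUntrustedPeer = errors.New("pfcp: source is not a configured UPF")
var ErrMissingIE = errors.New("pfcp: required element missing")
var sawDownlink bool

// uncheckedHandler models the CWE-476 pattern: it dereferences Report blindly.
func uncheckedHandler(req *SessionReportRequest) error {
	sawDownlink = req.Report.DownlinkData // panics when Report is nil
	return nil
}

// checkedHandler rejects the message instead of dereferencing a nil pointer.
func checkedHandler(req *SessionReportRequest) error {
	if req == nil || req.Report == nil {
		return ErrMissingIE
	}
	return uncheckedHandler(req)
}

// SafeDispatch drops unknown peers and turns a handler panic into an error.
func SafeDispatch(trusted map[string]bool, src net.IP, req *SessionReportRequest,
	h func(*SessionReportRequest) error) (err error) {
	if !trusted[src.String()] {
		return ErrUntrustedPeer
	}
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("pfcp: handler panic from %s: %v", src, r)
		}
	}()
	return h(req)
}

func main() {
	upfs := map[string]bool{"192.0.2.10": true} // constructed UPF address
	bad := &SessionReportRequest{}              // constructed: Report absent
	fmt.Println(SafeDispatch(upfs, net.ParseIP("192.0.2.10"), bad, uncheckedHandler))
	fmt.Println(SafeDispatch(upfs, net.ParseIP("198.51.100.7"), bad, checkedHandler))
}
```

recover() only intercepts a panic raised in the goroutine that deferred it, so a handler that starts its own goroutines needs the same guard inside each of them. The explicit nil check in checkedHandler is the actual fix; the recover wrapper is a backstop for paths that were missed.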


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-02-09T21:36:29.555Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 699cf533be58cf853bf604e1

Added to database: 2/24/2026, 12:47:47 AM

Last enriched: 2/24/2026, 1:03:29 AM

Last updated: 2/24/2026, 5:15:28 AM
