CVE-2026-2525 – A denial-of-service vulnerability exists in Fre... (How to Fix)

Q: What is the severity of CVE-2026-2525?

CVE-2026-2525 has a CVSS score of 5.3 (MEDIUM). A denial-of-service vulnerability exists in Free5GC's PFCP UDP Endpoint component, allowing remote attackers to crash the service by sending specially crafted packets. This affects all Free5GC deployments up to version 4.1.0 that use the vulnerable PFCP functionality.

📋 TL;DR

A denial-of-service vulnerability exists in Free5GC's PFCP UDP Endpoint component, allowing remote attackers to crash the service by sending specially crafted packets. This affects all Free5GC deployments up to version 4.1.0 that use the vulnerable PFCP functionality.

💻 Affected Systems

Products:

Free5GC

Versions: Up to and including version 4.1.0

Operating Systems: Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All deployments using PFCP UDP Endpoint functionality are affected. The vulnerability is in the core PFCP protocol handling.

📦 What is this software?

Free5gc by Free5gc

View all CVEs affecting Free5gc →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of Free5GC core network functions, potentially affecting mobile network connectivity for all users served by the vulnerable instance.

🟠

Likely Case

Service crashes requiring manual restart, causing temporary service outages and potential data loss for in-flight sessions.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring allowing quick detection and recovery.

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication, making internet-exposed instances particularly vulnerable.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details have been publicly disclosed in GitHub issues. The vulnerability requires sending malformed PFCP packets to the UDP endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 4.1.1 or later

Vendor Advisory: https://github.com/free5gc/free5gc/issues/796

Restart Required: Yes

Instructions:

1. Update Free5GC to version 4.1.1 or later. 2. Restart all Free5GC services. 3. Verify the PFCP UDP Endpoint is functioning correctly.

🔧 Temporary Workarounds

Network Access Control

linux

Restrict access to PFCP UDP port (8805 by default) to trusted sources only using firewall rules.

iptables -A INPUT -p udp --dport 8805 -s trusted_ip_range -j ACCEPT
iptables -A INPUT -p udp --dport 8805 -j DROP

Rate Limiting

linux

Implement rate limiting on PFCP UDP traffic to reduce impact of DoS attempts.

iptables -A INPUT -p udp --dport 8805 -m limit --limit 100/sec --limit-burst 200 -j ACCEPT
iptables -A INPUT -p udp --dport 8805 -j DROP

🧯 If You Can't Patch

Implement strict network segmentation to isolate Free5GC instances from untrusted networks
Deploy intrusion detection systems to monitor for malformed PFCP packets and alert on potential exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Free5GC version: if version is 4.1.0 or earlier, the system is vulnerable. Verify PFCP UDP endpoint is listening on port 8805.

Check Version:

free5gc version

Verify Fix Applied:

After patching, verify version is 4.1.1 or later and test PFCP functionality with legitimate traffic.

📡 Detection & Monitoring

Log Indicators:

Unexpected PFCP endpoint crashes
Error messages related to malformed PFCP packets
Service restart logs without normal shutdown

Network Indicators:

Unusual volume of UDP traffic on port 8805
Malformed PFCP packets in network captures
Source IPs sending abnormal PFCP message sequences

SIEM Query:

source="free5gc" AND ("crash" OR "panic" OR "segmentation fault") AND "PFCP"

📊 Metadata

CVE ID: CVE-2026-2525

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE: CWE-404

Published: February 16, 2026

Last Updated: February 19, 2026

🔗 References

https://github.com/free5gc/free5gc/ Product
https://github.com/free5gc/free5gc/issues/796 Exploit,Issue Tracking,Vendor Advisory
https://github.com/free5gc/free5gc/issues/796#issue-3812169865 Exploit,Issue Tracking,Vendor Advisory
https://vuldb.com/?ctiid.346113 Permissions Required,VDB Entry
https://vuldb.com/?id.346113 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.739509 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-2525, you might also want to check these: