CVE-2026-40246
CVE-2026-40246 affects free5GC UDR (versions ≤ 1.4.2). The Delete handler for Traffic Influence Subscriptions validates influenceId ≠ subs-to-notify, returns 404, but does not stop execution, so the subsequent delete procedure runs and user-supplied subscription IDs can be deleted unauthenticated...