CVE-2026-44474 Ella Core: Handover failures during concurrent Security Mode Command

Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 §6.9.5.1 — it could send a NAS Security Mode Command while an N2 handover was still pending and vice versa. Concurrent...

free5GC 代码问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained code vulnerabilities. These vulnerabilities stemmed from the NEF patch handler’s inability to handle UDR calls properly, leading to null pointer dereferencing and...

CVE-2026-40343

free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue...

EUVD-2026-24555

free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation...

HPE Aruba Networking Private 5G Core 安全漏洞

HPE Aruba Networking Private 5G Core is a 5G core component developed by the American company HPE. There are security vulnerabilities in HPE Aruba Networking Private 5G Core, and these vulnerabilities stem from an open redirection mechanism within the graphical user interface login process, which...

CVE-2026-34761

Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An attacker able to cause a gNodeB to send NGAP handover failure messages to Ella Core can crash the process, causing service disruption for all connecte...

5G Puppeteer: Chaining Hidden Command and Control Channels in 5G Core Networks

Mobile networks are essential for modern societies. The most recent generation of mobile networks will be even more ubiquitous than previous ones. Therefore, the security of these networks as part of the critical infrastructure with essential communication services is of the uttermost importance...

Empowering Mobile Networks Security Resilience by Using Post-Quantum Cryptography

The transition to a cloud-native 5G Service-Based Architecture SBA improves scalability but exposes control-plane signaling to emerging quantum threats, including Harvest-Now, Decrypt-Later HNDL attacks. While NIST has standardized post-quantum cryptography PQC, practical, deployable integration ...

CVE-2026-33192

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

free5GC 代码问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC such as 1.4.1 and earlier contained code vulnerabilities. These vulnerabilities resulted from kernel crashes when processing malformed PFCP SessionReportRequest messages, which could lead to proce...

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC such as 1.4.1 and earlier contain security vulnerabilities. These vulnerabilities stem from improper error handling and information leakage in the user data storage libraries. The NEF component...

CVE-2026-23598 Unauthenticated Information Disclosure in application API allows sensitive system information exposure

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could allow an attacker to access details such as user accounts, roles, and system configuration, as well...

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the parameter pdr in the function...

free5GC security vulnerabilities

Free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of Free5GC 4.1.0 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling in the HandleReports function within the PFCP UDP Endpoint component, located in the...

CVE-2025-56394

Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly validates the 5GS mobile identity, resulting in slice reference overflow...

Open5GS Denial of Service Vulnerability (CNVD-2025-18575)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a denial of service vulnerability that can be exploited by an attacker to cause a crash caused by the AMF in commonregisterstate...

Open5GS has an unspecified vulnerability (CNVD-2025-18577)

Open5GS is Open5GS open source an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS has a security vulnerability that can be exploited by an attacker to cause reachable assertions...

OpenAirInterface CN5G AMF 安全漏洞

OpenAirInterface CN5G AMF is an OpenAirInterface open source application. A security vulnerability exists in OpenAirInterface CN5G AMF v2.0.0 and earlier versions, which stems from the inclusion of a null pointer dereference that allows an attacker with AMF network adjacency access to perform a...

free5GC 安全漏洞

free5GC is a 5th Generation 5G mobile core network open source project by free5GC. free5GC version 3.2.1 suffers from a denial of service vulnerability. The vulnerability stems from the program's failure to properly come out with the wrong NGAP message, which is exploited by attackers to crash th...

Open5Gs Buffer Overflow Vulnerability (CNVD-2025-18596)

Open5Gs is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. Open5GS suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a denial of service...