22 matches found
CVE-2026-44315
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a...
CVE-2026-44315
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a...
CVE-2026-44315 free5GC: NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a...
CVE-2026-44315 free5GC: NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a...
CVE-2026-44315
The CVE describes a vulnerability in free5GC NEF where the 3gpp-pfd-management API is mounted without inbound OAuth2/bearer-token authorization prior to version 4.2.2. An attacker reachable on the SBI can forge Bearer tokens to create, read, and delete PFD-management transactions, with these acti...
EUVD-2026-32553
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a...
CVE-2026-44330
Summary (CVE-2026-44330): free5GC NEF’s nnef-pfdmanagement route group was found to be mounted without inbound OAuth2/bearer-token authorization, exposing read and write access to PFD data and subscriptions. Affected: free5GC v4.2.1 (NEF). Impact: an attacker who can reach the NEF SBI can read PF...
free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference
Summary free5GC's NEF PATCH /3gpp-pfd-management/v1/afId/transactions/transId/applications/appId handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != nil together with a nil ProblemDetails. The handler's errPfdData != nil branch...
GHSA-5F62-53R8-QRQF free5GC's NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions
Summary free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a forged or arbitrary bearer token e.g. Authorization: Bearer...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the 3gpp-pfd-management API. An attacker can create, read, and delete transaction state by sending requests with forged or arbitrary bearer tokens, even if the service is not declared in the configuration...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the 3gpp-pfd-management API. An attacker can create, read, and delete transaction state by sending requests with forged or arbitrary bearer tokens, even if the service is not declared in the configuration...
PT-2026-39260
Name of the Vulnerable Software and Affected Versions free5GC version 4.2.1 Description The Network Exposure Function NEF mounts the nnef-pfdmanagement route group without inbound OAuth2 or bearer-token authorization. This allows a network attacker with access to the Service-Based Interface SBI t...
PT-2026-39245
Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Network Exposure Function NEF in free5GC mounts the '3gpp-pfd-management' API without inbound OAuth2 or bearer-token authorization. A network attacker with access to the Service Based Interface S...
CVE-2025-69208
free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. Versions prior to 1.4.1 contain an Improper Error Handling vulnerability with Information Exposure. All deployments of free5GC using the NnefPfdManagement service may be...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the NnefPfdManagement process. An attacker can obtain internal parsing error details by sending malformed requests to the NEF component, which may assist in service fingerprinting. Remediation Upgrade...
CVE-2026-27643
free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details e.g., invalid character 'n' after top-level value to remote clients...
EUVD-2026-7462
free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details e.g., invalid character 'n' after top-level value to remote clients...
CVE-2026-27643 free5GC has improper error handling in NEF with information exposure
free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details e.g., invalid character 'n' after top-level value to remote clients...
EUVD-2025-207565
free5GC is an open-source project for 5th generation 5G mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. The NEF component reliably leaks internal parsing error details e.g., invalid character '...
PT-2026-21593
free5GC UDR is the user data repository UDR for free5GC, an an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details e.g., invalid character 'n' after top-level value to remote clients...