CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

58 matches found

EUVD-2026-33476

A vulnerability was identified in Open5GS up to 2.7.6. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit is...

7.5CVSS6.7AI score0.00095EPSS

Exploits0References7

CVE•added 5 days ago•11 views

CVE-2026-10157

Open5GS up to 2.7.6 is affected by a vulnerability in the NGAP PathSwitchRequest Message Handler (src/amf/ngap-handler.c). The issue arises from a manipulation that leads to improper authentication. The attack can be initiated remotely, and a public exploit exists. A patch is available with ident...

7.5CVSS6.7AI score0.00095EPSS

Exploits0References8

Cvelist•added 5 days ago•34 views

CVE-2026-10157 Open5GS NGAP PathSwitchRequest Message ngap-handler.c improper authentication

7.5CVSS0.00095EPSS

Exploits0References8

ATTACKERKB•added 5 days ago•8 views

CVE-2026-10157

7.5CVSS6.7AI score0.00095EPSS

Exploits0References7

Positive Technologies•added 5 days ago•8 views

PT-2026-45161

7.5CVSS6.7AI score0.00095EPSS

Exploits0References8

NVD•added 2026/05/27 5:16 p.m.•7 views

CVE-2026-44475

Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities for any UE with...

6.1CVSS0.00023EPSS

Exploits0References1

NVD•added 2026/05/27 5:16 p.m.•10 views

CVE-2026-42081

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the...

7.1CVSS0.0003EPSS

Exploits1References1

ATTACKERKB•added 2026/05/27 3:59 p.m.•7 views

CVE-2026-42081

6.1CVSS5.9AI score0.0003EPSS

Exploits1References2Affected Software1

CVE•added 2026/05/27 3:59 p.m.•8 views

CVE-2026-42081

CVE-2026-42081 — free5GC AMF UE Security Capabilities bypass (NGAP PathSwitchRequest) Affected software: free5GC AMF (prior to 4.2.2). What is vulnerable: The AMF does not verify UE security capabilities received in NGAP PathSwitchRequest against locally stored values, allowing a malicious gNB to...

7.1CVSS5.9AI score0.0003EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/05/27 3:59 p.m.•7 views

CVE-2026-42081 free5GC: UE Security Capability bypass on NGAP PathSwitchRequest

6.1CVSS5.9AI score0.0003EPSS

Exploits1References1

Vulnrichment•added 2026/05/27 3:15 p.m.•5 views

CVE-2026-44475 Ella Core: UE Security Capability bypass on NGAP PathSwitchRequest

6.1CVSS5.9AI score0.00023EPSS

Exploits0References1

CVE•added 2026/05/27 3:15 p.m.•7 views

CVE-2026-44475

CVE-2026-44475 affects Ella Core (private 5G core). Prior to version 1.10.0, the PathSwitchRequest handling does not verify UE Security Capabilities against locally stored values, allowing a malicious gNB to overwrite a UE’s security capabilities with arbitrary values via a crafted PathSwitchRequ...

6.1CVSS5.9AI score0.00023EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 3:15 p.m.•5 views

CVE-2026-44475

6.1CVSS5.9AI score0.00023EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/27 3:15 p.m.•8 views

EUVD-2026-32562

6.1CVSS5.9AI score0.00023EPSS

Exploits0References1

Cvelist•added 2026/05/27 3:15 p.m.•39 views

CVE-2026-44475 Ella Core: UE Security Capability bypass on NGAP PathSwitchRequest

6.1CVSS0.00023EPSS

Exploits0References1

CNNVD•added 2026/05/27 12:0 a.m.•5 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from AMF’s failure to verify the UE security capabilities in NGAP PathSwitchRequest messages. This could allow...

7.1CVSS5.8AI score0.0003EPSS

Exploits1References1

CNNVD•added 2026/05/27 12:0 a.m.•3 views

Ella Core 安全特征问题漏洞

Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.10.0 contained security feature vulnerabilities. These vulnerabilities stemmed from an unvalidated check to ensure that the UE security...

6.1CVSS5.8AI score0.00023EPSS

Exploits0References2

RedhatCVE•added 2026/05/25 10:19 a.m.•8 views

CVE-2026-9298

A flaw was found in omec-project amf. A remote attacker could exploit an unknown functionality within the PathSwitchRequest Handler component, leading to memory corruption...

6.5CVSS6.5AI score0.00052EPSS

Exploits0References9

Snyk•added 2026/05/23 1:44 p.m.•6 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the PathSwitchRequest process. An attacker can cause memory corruption by sending specially crafted requests remotely to the affected component. Remediation Upgrade github.com/omec-project/amf/gmm to version 2.2.0 or...

6.5CVSS6.6AI score0.00052EPSS

Exploits0References2

Snyk•added 2026/05/23 1:44 p.m.•7 views

Buffer Overflow

6.5CVSS6.6AI score0.00052EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by