Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-44315

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a...

9.4CVSS5.6AI score0.00314EPSS
Exploits1References1
NVD
NVD
added 2026/05/27 5:16 p.m.14 views

CVE-2026-44326

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptio...

9.4CVSS0.00311EPSS
Exploits1References3
NVD
NVD
added 2026/05/27 5:16 p.m.28 views

CVE-2026-44315

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a...

9.4CVSS0.00314EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/27 3:52 p.m.15 views

EUVD-2026-32553

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a...

9.4CVSS5.9AI score0.00314EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 3:52 p.m.9 views

CVE-2026-44315

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a...

9.4CVSS5.9AI score0.00314EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 3:41 p.m.10 views

CVE-2026-44326

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptio...

9.4CVSS5.8AI score0.00311EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 3:40 p.m.7 views

CVE-2026-44327

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the handl...

10CVSS5.8AI score0.00311EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/05/08 10:59 p.m.8 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the nnef-oam route group due to missing inbound authentication and authorization checks. An attacker can gain unauthorized access to administrative operations by sending unauthenticated requests to the exposed...

10CVSS5.8AI score0.00311EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/08 10:58 p.m.13 views

free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions

Summary free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptions either with no Authorization header at all, or with a forged bearer...

9.4CVSS5.8AI score0.00311EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder