19 matches found
CVE-2026-42459
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI...
CVE-2026-42459 free5GC: Improper Input Validation and Generation of Error Message Containing Sensitive Information in github.com/free5gc/udm
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI...
CVE-2026-42459
CVE-2026-42459 documents an improper input validation flaw in free5GC UDM: the SDM (nudm-sdm) service does not validate the SUPI parameter in six GET handlers, allowing an unauthenticated attacker to inject control characters into SUPI. This can cause UDM to forward a malformed URL to UDR and ret...
Free5GC UDM has Improper Input Validation and Generation of Error Messages Containing Sensitive Information
Summary: The free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and return a 500...
PT-2026-38370
Name of the Vulnerable Software and Affected Versions: free5GC versions prior to 4.2.2. Description: The UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the...
SUSE CVE-2026-33191
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...
CVE-2026-33191
CVE-2026-33191 affects Free5GC UDM (Nudm_SubscriberDataManagement API) where null byte injections in the supi URL path parameter (URL-encoded %00) trigger Go’s net/url parsing error, leading to a 500 Internal Server Error and enabling denial-of-service conditions. Multiple sources confirm the iss...
free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error
Impact: This is an Improper Input Validation vulnerability with Denial of Service and Injection implications. Security Impact: A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's Nudm_SubscriberDataManagement API. This causes URL parsing failure in...
GO-2025-4162 Free5GC is vulnerable to DoS via the Nudm_SubscriberDataManagement API in github.com/free5gc/openapi
Free5GC is vulnerable to DoS via the Nudm_SubscriberDataManagement API in github.com/free5gc/openapi...
Free5GC is vulnerable to DoS via the Nudm_SubscriberDataManagement API
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API...
GHSA-3J9F-7W24-PCQG Free5GC is vulnerable to DoS via the Nudm_SubscriberDataManagement API
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API...
Improper Validation of Specified Type of Input
Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the Nudm_SubscriberDataManagement API. An attacker can disrupt service availability by sending crafted requests to this API endpoint. Remediation: Upgrade...
CVE-2025-60633
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API...
CVE-2025-60633
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API...
CVE-2025-60633
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API...
CVE-2025-60633
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API...
PT-2025-47941
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API...
Nokia OneNDS Permissions, Privileges, and Access Control Vulnerability
Nokia OneNDS is a web directory server from Nokia, Finland. It is a core element of the Subscriber Data Management (SDM) solution. Nokia OneNDS 17r2 has a permissions and access control vulnerability that stems from incorrect privilege management...
Nokia OneNDS Permissions, Privileges, and Access Control Vulnerability
Nokia OneNDS is a web directory server from Nokia, Finland. It is a core element of the Subscriber Data Management (SDM) solution. A permissions and access control vulnerability exists in Nokia OneNDS version 20.9, which stems from an error in the security configuration and can be...