Lucene search
+L

4 matches found

Veracode
Veracode
added 2026/05/16 5:32 a.m.25 views

Information Disclosure

Free5GC is vulnerable to Information Disclosure. The vulnerability is due to improper request handling in the UDR endpoint GET /nudr-dr/v2/application-data/influenceData/subs-to-notify, where error responses for missing or malformed parameters do not terminate execution. As a result, processing...

7.5CVSS5.8AI score0.00506EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2026/05/16 5:30 a.m.12 views

Improper Access Control

github.com/free5gc/udr is vulnerable to Improper Access Control. The vulnerability is due to improper request handling in the Traffic Influence Subscription deletion endpoint, which allows an attacker to bypass validation and delete arbitrary subscriptions despite receiving a misleading 404...

8.7CVSS5.9AI score0.0038EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/04/16 9:57 p.m.4 views

CVE-2026-40248 free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404...

8.7CVSS6.1AI score0.00427EPSS
Exploits1References3
OSV
OSV
added 2026/04/14 8:0 p.m.6 views

GHSA-X5R2-R74C-3W28 free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions

Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to read Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment. Details The...

8.7CVSS6AI score0.00493EPSS
Exploits1References3
Rows per page
Query Builder