Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the 3gpp-traffic-influence API route group, which lacks inbound authorization checks. An attacker can create, read, modify, or delete traffic-influence subscriptions by sending unauthenticated or forged requests...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the 3gpp-traffic-influence API route group, which lacks inbound authorization checks. An attacker can create, read, modify, or delete traffic-influence subscriptions by sending unauthenticated or forged requests...

CVE-2026-40248

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404...

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the handler for creating or updating Traffic Influence Subscriptions due to improper validation of the influenceId path segment. An attacker can create or overwrite arbitrary Traffic Influence Subscriptions,...

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the handler responsible for reading Traffic Influence Subscriptions. An attacker can access sensitive subscription data, including SUPIs/IMSIs, DNNs, S-NSSAIs, and callback URIs, by supplying arbitrary values f...

CVE-2026-40246

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

CVE-2026-40247

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

CVE-2026-40248

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404...

CVE-2026-40248

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404...

CVE-2026-40248 free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404...

CVE-2026-40248

CVE-2026-40248 affects free5GC UDR (versions 4.2.1 and earlier). The vulnerability stems from improper path validation: when influenceId != subs-to-notify, the handler returns 404 but does not stop, allowing unauthenticated SBI clients to create/modify Traffic Influence Subscriptions by supplying...

CVE-2026-40248 free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404...

CVE-2026-40247

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

CVE-2026-40247 free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

CVE-2026-40247 free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

CVE-2026-40247

The CVE-2026-40247 entry describes an improper path validation in free5GC UDR (versions 4.2.1 and earlier). The handler for GET /nudr-dr/v2/application-data/influenceData/{influenceId}/{subscriptionId} does not stop after sending a 404 when influenceId != subs-to-notify, allowing an unauthenticat...

CVE-2026-40246 free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

CVE-2026-40246

CVE-2026-40246 affects free5GC UDR (versions ≤ 1.4.2). The Delete handler for Traffic Influence Subscriptions validates influenceId ≠ subs-to-notify, returns 404, but does not stop execution, so the subsequent delete procedure runs and user-supplied subscription IDs can be deleted unauthenticated...

CVE-2026-40246

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

CVE-2026-40246 free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...