11 matches found
EUVD-2026-32556
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command,...
EUVD-2026-32578
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token is enough to reach the SMF-callback...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of inbound OAuth2/bearer-token authorization when the NEF module mounted the 3gpp-pfd-management API...
EUVD-2026-24575
free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Version 4.2.0 of free5GC contains a security vulnerability, which stems from issues with the NGSetupRequest Handler component and could lead to denial-of-service attacks...
CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...
CVE-2026-32937
This CVE affects free5GC CHF prior to v1.2.2, where an out-of-bounds slice access in nchf-convergedcharging RechargePut(...) can be triggered by an authenticated PUT to /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=.... The result is a server-side panic converted to HTTP 500 by Gin, ena...
CVE-2026-26024
CVE-2026-26024 affects the free5GC SMF (Session Management Function) in versions up to 1.4.1. A malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface can cause the SMF to panic and terminate. Some sources describe a nil pointer dereference in related CVE records. There is no known ...
CVE-2025-69232 free5GC hasProtocol Compliance Violation in UPF Leading to SMF Service Disruption
free5GC is an open-source project for 5th generation 5G mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote...
CVE-2025-66720
Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId...
The vulnerability of the 5G mobile communication network management software free5gc, related to improper cleaning or release of resources, allows a perpetrator to cause service interruptions.
The vulnerability of the 5G mobile communication network management software free5gc is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures through a specially created PFCP message...