Lucene search
K

11 matches found

EUVD
EUVD
added 2026/05/27 3:59 p.m.15 views

EUVD-2026-32556

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command,...

3.7CVSS5.8AI score0.00251EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/27 3:48 p.m.13 views

EUVD-2026-32578

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token is enough to reach the SMF-callback...

7.3CVSS5.9AI score0.00241EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.8 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of inbound OAuth2/bearer-token authorization when the NEF module mounted the 3gpp-pfd-management API...

9.4CVSS5.8AI score0.00314EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/22 7:49 p.m.5 views

EUVD-2026-24575

free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service...

7.5CVSS5.8AI score0.00515EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.7 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Version 4.2.0 of free5GC contains a security vulnerability, which stems from issues with the NGSetupRequest Handler component and could lead to denial-of-service attacks...

6.9CVSS6.1AI score0.00419EPSS
Exploits0References7
OSV
OSV
added 2026/03/20 8:9 a.m.7 views

CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

8.7CVSS6.2AI score0.00321EPSS
Exploits1References5
CVE
CVE
added 2026/03/20 2:43 a.m.24 views

CVE-2026-32937

This CVE affects free5GC CHF prior to v1.2.2, where an out-of-bounds slice access in nchf-convergedcharging RechargePut(...) can be triggered by an authenticated PUT to /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=.... The result is a server-side panic converted to HTTP 500 by Gin, ena...

7.1CVSS5.8AI score0.00404EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/24 12:12 a.m.14 views

CVE-2026-26024

CVE-2026-26024 affects the free5GC SMF (Session Management Function) in versions up to 1.4.1. A malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface can cause the SMF to panic and terminate. Some sources describe a nil pointer dereference in related CVE records. There is no known ...

8.7CVSS5.3AI score0.00302EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/23 9:27 p.m.7 views

CVE-2025-69232 free5GC hasProtocol Compliance Violation in UPF Leading to SMF Service Disruption

free5GC is an open-source project for 5th generation 5G mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote...

6.9CVSS5.5AI score0.00355EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/23 12:0 a.m.6 views

CVE-2025-66720

Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId...

5.3AI score0.00427EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2023/11/17 12:0 a.m.11 views

The vulnerability of the 5G mobile communication network management software free5gc, related to improper cleaning or release of resources, allows a perpetrator to cause service interruptions.

The vulnerability of the 5G mobile communication network management software free5gc is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures through a specially created PFCP message...

6.8CVSS7.2AI score0.00851EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder