4 matches found
CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...
CVE-2026-32937
This CVE affects free5GC CHF prior to v1.2.2, where an out-of-bounds slice access in nchf-convergedcharging RechargePut(...) can be triggered by an authenticated PUT to /nchf-convergedcharging/v3/recharging/:ueId?ratingGroup=.... The result is a server-side panic converted to HTTP 500 by Gin, ena...
CVE-2025-69232 free5GC hasProtocol Compliance Violation in UPF Leading to SMF Service Disruption
free5GC is an open-source project for 5th generation 5G mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote...
The vulnerability of the 5G mobile communication network management software free5gc, related to improper cleaning or release of resources, allows a perpetrator to cause service interruptions.
The vulnerability of the 5G mobile communication network management software free5gc is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures through a specially created PFCP message...