2 matches found
CVE-2026-44330 free5GC: NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token e.g. Authorization...
CVE-2025-70123
Summary of CVE-2025-70123 : In free5GC v4.0.1, the UPF fails to validate a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This leads to an inconsistent UPF state, and a subsequent valid PFCP Session Establishment Request can trigger a cascading failure that disrupts the SMF c...