Lucene search
K

29 matches found

Cvelist
Cvelist
added 2026/04/16 9:40 p.m.25 views

CVE-2026-40246 free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions

free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...

8.7CVSS0.0038EPSS
Exploits1References1
OSV
OSV
added 2026/04/14 8:0 p.m.7 views

GHSA-JGQ2-QV8V-5CMJ free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions

Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to create or overwrite Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment...

8.7CVSS5.9AI score0.00427EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/14 8:0 p.m.9 views

free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions

Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to create or overwrite Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment...

8.7CVSS5.9AI score0.00427EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/14 8:0 p.m.8 views

free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions

Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to read Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment. Details The...

8.7CVSS6AI score0.00493EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/04/14 8:0 p.m.6 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through improper validation of the influenceId path parameter in the DELETE endpoint. An attacker can remove arbitrary Traffic Influence Subscriptions by sending a crafted request with an invalid influenceId value...

8.7CVSS5.9AI score0.0038EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/14 8:0 p.m.11 views

free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions

Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to delete Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment. Details The...

8.7CVSS5.9AI score0.0038EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32973

Name of the Vulnerable Software and Affected Versions free5GC versions 1.4.2 and earlier Description An improper path validation issue exists in the UDR service. An unauthenticated attacker with access to the 5G Service Based Interface can delete arbitrary Traffic Influence Subscriptions by...

8.7CVSS6.1AI score0.0038EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.10 views

PT-2026-32974

Name of the Vulnerable Software and Affected Versions free5GC versions 4.2.1 and earlier Description An improper path validation issue exists in the UDR service. The endpoint 'GET /nudr-dr/v2/application-data/influenceData/influenceId/subscriptionId' is designed to operate only when the influence...

8.7CVSS6AI score0.00493EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.13 views

PT-2026-32975

Name of the Vulnerable Software and Affected Versions free5GC UDR service versions prior to 4.2.1 Description An improper path validation issue exists in the UDR service. The handler for creating or updating Traffic Influence Subscriptions checks if the influenceId path segment equals...

8.7CVSS6AI score0.00427EPSS
Exploits1References6
Rows per page
Query Builder