318 matches found
CVE-2026-40248
CVE-2026-40248 affects free5GC UDR (versions 4.2.1 and earlier). The vulnerability stems from improper path validation: when influenceId != subs-to-notify, the handler returns 404 but does not stop, allowing unauthenticated SBI clients to create/modify Traffic Influence Subscriptions by supplying...
CVE-2026-40248
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404...
CVE-2026-40247
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...
CVE-2026-40247 free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...
CVE-2026-40247 free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...
CVE-2026-40247
The CVE-2026-40247 entry describes an improper path validation in free5GC UDR (versions 4.2.1 and earlier). The handler for GET /nudr-dr/v2/application-data/influenceData/{influenceId}/{subscriptionId} does not stop after sending a 404 when influenceId != subs-to-notify, allowing an unauthenticat...
CVE-2026-40246 free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions
free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...
CVE-2026-40246
free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...
CVE-2026-40246
CVE-2026-40246 affects free5GC UDR (versions ≤ 1.4.2). The Delete handler for Traffic Influence Subscriptions validates influenceId ≠ subs-to-notify, returns 404, but does not stop execution, so the subsequent delete procedure runs and user-supplied subscription IDs can be deleted unauthenticated...
CVE-2026-40246 free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions
free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when...
free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions
Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to create or overwrite Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment...
GHSA-JGQ2-QV8V-5CMJ free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions
Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to create or overwrite Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment...
free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions
Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to read Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment. Details The...
GHSA-X5R2-R74C-3W28 free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions
Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to read Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment. Details The...
Improper Authorization
Overview github.com/free5gc/udr/internal/sbi is a None Affected versions of this package are vulnerable to Improper Authorization. through improper validation of the influenceId path parameter in the DELETE endpoint. An attacker can remove arbitrary Traffic Influence Subscriptions by sending a...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization through improper validation of the influenceId path parameter in the DELETE endpoint. An attacker can remove arbitrary Traffic Influence Subscriptions by sending a crafted request with an invalid influenceId value...
free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions
Summary An improper path validation vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to delete Traffic Influence Subscriptions by supplying an arbitrary value in place of the expected subs-to-notify path segment. Details The...
GHSA-WRWH-RPQ4-87HF free5gc UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication
Summary An information disclosure vulnerability in the UDR service allows any unauthenticated attacker with access to the 5G Service Based Interface SBI to retrieve stored subscriber identifiers SUPI/IMSI with a single HTTP GET request requiring no parameters or credentials. Details The endpoint...
PT-2026-32974
Name of the Vulnerable Software and Affected Versions free5GC versions 4.2.1 and earlier Description An improper path validation issue exists in the UDR service. The endpoint 'GET /nudr-dr/v2/application-data/influenceData/influenceId/subscriptionId' is designed to operate only when the influence...
PT-2026-32975
Name of the Vulnerable Software and Affected Versions free5GC UDR service versions prior to 4.2.1 Description An improper path validation issue exists in the UDR service. The handler for creating or updating Traffic Influence Subscriptions checks if the influenceId path segment equals...