3 matches found
CVE-2026-44315
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a...
free5GC's NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path
Summary free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token is enough to reach the SMF-callback handler -- the callback body is parsed and dispatched into NEF business...
PT-2026-39256
Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Network Exposure Function NEF mounts the '3gpp-traffic-influence' API without requiring inbound OAuth2 or bearer-token authorization. A network attacker with access to the NEF on the Service Base...