Lucene search
K

3 matches found

Vulnrichment
Vulnrichment
added 2026/05/27 3:52 p.m.8 views

CVE-2026-44315 free5GC: NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management transaction state with a...

9.4CVSS5.9AI score0.00314EPSS
Exploits1References3
OSV
OSV
added 2026/05/08 10:58 p.m.8 views

GHSA-3P28-73Q7-45XP free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions

Summary free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete traffic-influence subscriptions either with no Authorization header at all, or with a forged bearer...

9.4CVSS5.8AI score0.00311EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-39256

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The Network Exposure Function NEF mounts the '3gpp-traffic-influence' API without requiring inbound OAuth2 or bearer-token authorization. A network attacker with access to the NEF on the Service Base...

9.4CVSS5.8AI score0.00311EPSS
Exploits1References7
Rows per page
Query Builder