8 matches found
CVE-2026-42083
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF NpcfSMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. In NewServer, the smPolicyGroup route group is created and routes are...
CVE-2026-42083 free5GC: PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF NpcfSMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. In NewServer, the smPolicyGroup route group is created and routes are...
EUVD-2026-32555
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF NpcfSMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. In NewServer, the smPolicyGroup route group is created and routes are...
CVE-2026-42083
CVE-2026-42083 affects free5GC PCF Npcf_SMPolicyControl where missing router authorization middleware in the smPolicyGroup allowed unauthenticated access to SM policy endpoints (e.g., POST /npcf-smpolicycontrol/v1/sm-policies, GET /sm-policies/{id}, POST /sm-policies/{id}/update, POST /sm-policie...
GHSA-WR8J-6CHW-GM6P free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference
Summary free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler HandleCreateSmPolicyRequest panics with a nil-pointer dereference when a downstream OpenAPI consumer call UDR lookup returns 404 Not Found and the consumer wrapper returns err != nil together with a nil response struct. The...
Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
Summary PCF NpcfSMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI Details In NewServer, the smPolicyGroup route group is created and routes are applied without attaching the router authorization middleware. In...
GHSA-6RGM-GR97-X3J5 Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
Summary PCF NpcfSMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI Details In NewServer, the smPolicyGroup route group is created and routes are applied without attaching the router authorization middleware. In...
PT-2026-38368
Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The PCF Npcf SMPolicyControl service lacks authentication middleware in the NewServer function, where the smPolicyGroup route group is created without attaching the RouterAuthorizationCheck middlewar...