free5GC's NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path
Summary free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token is enough to reach the SMF-callback handler -- the callback body is parsed and dispatched into NEF business...