Free5GC UDM has Improper Input Validation and Generation of Error Messages Containing Sensitive Information

Summary The free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and return a 500...

GHSA-585V-HCGF-JHFR Free5GC UDM has Improper Input Validation and Generation of Error Messages Containing Sensitive Information

Summary The free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and return a 500...

SUSE CVE-2026-33191

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure due to improper handling of the supi path parameter in the DELETE sdm-subscriptions request. An attacker can cause the service to return an unexpected error response by sending a request with an empty supi parameter...

CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

CVE-2026-33065 free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

CVE-2026-27642

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the supi parameter. An attacker can cause internal URL parsing errors and expose system-level error details by injecting control characters, such as %00, into requests. This can be used for service fingerprintin...

CVE-2026-27642

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...

CVE-2026-27642

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...

CVE-2026-27642 free5GC has Improper Input Validation in UDM UEAU Service

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...

CVE-2026-27642 free5GC has Improper Input Validation in UDM UEAU Service

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...

PT-2026-21592

Name of the Vulnerable Software and Affected Versions free5gc UDM versions up to and including 1.4.1 Description free5gc UDM provides Unified Data Management for free5GC, an open-source 5G mobile core network project. Remote attackers can inject control characters, such as %00, into the supi...

free5GC 输入验证错误漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC such as 1.4.1 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from the ability to inject control characters in the supi parameter, which could...