69 matches found
CVE-2026-33063
CVE-2026-33063 affects free5GC AUSF prior to 1.4.2. The vulnerability is an improper nil check in GetSupiFromSuciSupiMap, which can panic when SuciSupiMap is nil, causing the AUSF authentication service to crash and deny service for deployments using the UE authentication endpoint /nausf-auth/v1/...
CVE-2026-33063 free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion
free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service /nausf-auth/v1/ue-authentications endpoint are affected. A remote...
CVE-2026-33065
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...
free5GC 代码问题漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.4.2 contained code vulnerabilities. These vulnerabilities stemmed from improper null pointer checks in the GetSupiFromSuciSupiMap function, which could lead to denial-of-service attacks...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.4.2 contained security vulnerabilities. These vulnerabilities stemmed from UDM’s improper handling of PATCH requests with empty supi path parameters. UDM incorrectly converted downstrea...
free5GC 安全漏洞
Free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of Free5GC prior to 1.4.2 contained a security vulnerability. This vulnerability stemmed from an empty byte injection in the supi path parameter of the UDM’s NudmSubscriberDataManagement API, which could lea...
UBUNTU-CVE-2026-33192
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...
UBUNTU-CVE-2026-33065
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...
CVE-2026-33192
Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...
GHSA-5RVC-5CWX-G5X8 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques
Impact This is an Improper Error Handling vulnerability with Information Exposure implications, combined with an HTTP Method Translation issue. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with ...
free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques
Impact This is an Improper Error Handling vulnerability with Information Exposure implications, combined with an HTTP Method Translation issue. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with ...
GHSA-958M-GXMC-MCCM free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request
Impact This is an Improper Error Handling vulnerability with Information Exposure implications. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leaks intern...
free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion
Impact This is an Improper Null Check vulnerability leading to Denial of Service. - Security Impact: A remote attacker can cause the AUSF service to panic and crash by sending a crafted UE authentication request that triggers a nil interface conversion in the GetSupiFromSuciSupiMap function. This...
PT-2026-26208
Impact This is an Improper Input Validation vulnerability with Denial of Service and Injection implications. - Security Impact: A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's Nudm SubscriberDataManagement API. This causes URL parsing failure i...
PT-2026-26187
Impact This is an Improper Error Handling vulnerability with Information Exposure implications. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leaks intern...
CVE-2026-27642
free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the supi parameter. An attacker can cause internal URL parsing errors and expose system-level error details by injecting control characters, such as %00, into requests. This can be used for service fingerprintin...
CVE-2026-27642
free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...
CVE-2026-27642
free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...
CVE-2026-27642 free5GC has Improper Input Validation in UDM UEAU Service
free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...