Lucene search
+L

69 matches found

CVE
CVE
added 2026/03/20 2:53 a.m.16 views

CVE-2026-33063

CVE-2026-33063 affects free5GC AUSF prior to 1.4.2. The vulnerability is an improper nil check in GetSupiFromSuciSupiMap, which can panic when SuciSupiMap is nil, causing the AUSF authentication service to crash and deny service for deployments using the UE authentication endpoint /nausf-auth/v1/...

8.7CVSS6AI score0.00652EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/20 2:53 a.m.11 views

CVE-2026-33063 free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion

free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service /nausf-auth/v1/ue-authentications endpoint are affected. A remote...

8.7CVSS6.5AI score0.00652EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.9 views

CVE-2026-33065

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

6.9CVSS5.7AI score0.00282EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.10 views

free5GC 代码问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.4.2 contained code vulnerabilities. These vulnerabilities stemmed from improper null pointer checks in the GetSupiFromSuciSupiMap function, which could lead to denial-of-service attacks...

8.7CVSS6.5AI score0.00652EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.14 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 1.4.2 contained security vulnerabilities. These vulnerabilities stemmed from UDM’s improper handling of PATCH requests with empty supi path parameters. UDM incorrectly converted downstrea...

8.7CVSS6.4AI score0.00321EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.11 views

free5GC 安全漏洞

Free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of Free5GC prior to 1.4.2 contained a security vulnerability. This vulnerability stemmed from an empty byte injection in the supi path parameter of the UDM’s NudmSubscriberDataManagement API, which could lea...

8.7CVSS6.4AI score0.00354EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 12:0 a.m.10 views

UBUNTU-CVE-2026-33192

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

8.7CVSS5.8AI score0.00321EPSS
Exploits1References5
OSV
OSV
added 2026/03/20 12:0 a.m.6 views

UBUNTU-CVE-2026-33065

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leak...

6.9CVSS5.8AI score0.00282EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/03/20 12:0 a.m.8 views

CVE-2026-33192

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter...

8.7CVSS5.7AI score0.00321EPSS
Exploits1References4
OSV
OSV
added 2026/03/18 8:11 p.m.7 views

GHSA-5RVC-5CWX-G5X8 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Impact This is an Improper Error Handling vulnerability with Information Exposure implications, combined with an HTTP Method Translation issue. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with ...

8.7CVSS5.7AI score0.00321EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/18 8:11 p.m.17 views

free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques

Impact This is an Improper Error Handling vulnerability with Information Exposure implications, combined with an HTTP Method Translation issue. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling PATCH requests with ...

8.7CVSS5.7AI score0.00321EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/18 8:7 p.m.12 views

GHSA-958M-GXMC-MCCM free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request

Impact This is an Improper Error Handling vulnerability with Information Exposure implications. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leaks intern...

6.9CVSS5.7AI score0.00282EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/03/18 8:6 p.m.13 views

free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion

Impact This is an Improper Null Check vulnerability leading to Denial of Service. - Security Impact: A remote attacker can cause the AUSF service to panic and crash by sending a crafted UE authentication request that triggers a nil interface conversion in the GetSupiFromSuciSupiMap function. This...

8.7CVSS5.9AI score0.00652EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.12 views

PT-2026-26208

Impact This is an Improper Input Validation vulnerability with Denial of Service and Injection implications. - Security Impact: A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's Nudm SubscriberDataManagement API. This causes URL parsing failure i...

8.7CVSS5.8AI score0.00354EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.7 views

PT-2026-26187

Impact This is an Improper Error Handling vulnerability with Information Exposure implications. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leaks intern...

6.9CVSS5.8AI score0.00282EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/02/25 4:6 a.m.16 views

CVE-2026-27642

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...

8.7CVSS5.4AI score0.00506EPSS
Exploits1References1
Snyk
Snyk
added 2026/02/24 3:27 a.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the supi parameter. An attacker can cause internal URL parsing errors and expose system-level error details by injecting control characters, such as %00, into requests. This can be used for service fingerprintin...

8.7CVSS5.9AI score0.00506EPSS
Exploits1References2
NVD
NVD
added 2026/02/24 1:16 a.m.14 views

CVE-2026-27642

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...

8.7CVSS0.00506EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/24 12:18 a.m.3 views

CVE-2026-27642

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...

8.7CVSS5.4AI score0.00506EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/02/24 12:18 a.m.23 views

CVE-2026-27642 free5GC has Improper Input Validation in UDM UEAU Service

free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters e.g., %00 into the supi parameter, triggering internal URL parsing errors net/url:...

8.7CVSS0.00506EPSS
Exploits1References4
Rows per page
Query Builder