244 matches found
Malicious code in ue-python-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66a6d9d874ce102a9ac674f8f713472a473007dc3d51adb869c5198afc708751 On import uepythontools, the package spawns a background thread that issues an HTTP POST to http://109.123.247.172/pypi carrying a JSON payload...
MAL-2026-6730 Malicious code in ue-automation-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbc2db9a2a365d53d76fe7ca2a8f219f98118d99b53698cf7ce8b31cf81eda3f Package name 'ue-automation-scripts' with version 99999.0.0 is the canonical dependency-confusion shape used to hijack installs on internal CI system...
Malicious code in ue-automation-scripts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbc2db9a2a365d53d76fe7ca2a8f219f98118d99b53698cf7ce8b31cf81eda3f Package name 'ue-automation-scripts' with version 99999.0.0 is the canonical dependency-confusion shape used to hijack installs on internal CI system...
MAL-2026-6731 Malicious code in ue-jenkins-buildkite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3f4ff9ea00766589ae9dece7648aa4ce29ac9bc82173fce0a1adefaeb6c8f5a [email protected] is a dependency-confusion package targeting an internal Epic Games / Unreal Engine CI namespace name evokes...
Malicious code in ue-jenkins-buildkite (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3f4ff9ea00766589ae9dece7648aa4ce29ac9bc82173fce0a1adefaeb6c8f5a [email protected] is a dependency-confusion package targeting an internal Epic Games / Unreal Engine CI namespace name evokes...
GHSA-6GXQ-GPR8-XGJP free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence
Summary The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative |.+. This causes the validation logic to accept any non-empty string rather than restricting input ...
free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence
Summary The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative |.+. This causes the validation logic to accept any non-empty string rather than restricting input ...
CVE-2026-42081
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the...
CVE-2026-10116 Open5GS ue-authentications Endpoint ogs-timer.c ogs_sbi_xact_add denial of service
A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogssbixactadd in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. The attack may be initiated remotely. The...
CVE-2026-10116
A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogssbixactadd in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. The attack may be initiated remotely. The...
EUVD-2026-33458
A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogssbixactadd in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. The attack may be initiated remotely. The...
CVE-2026-10116
Technical details are not publicly available in the provided documents. Monitor for updates. The description notes a denial‑of‑service vulnerability in Open5GS (ogs_sbi_xact_add in ogs-timer.c).
Open5GS 安全漏洞
Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the ue-authentications Endpoint component’s ogssbixactadd...
PT-2026-45093
A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs sbi xact add in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. The attack may be initiated remotely. The...
CVE-2026-44324
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId does n...
CVE-2026-44473
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's logical NG-connection,...
CVE-2026-44475
Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values. A malicious gNB can overwrite Ella Core's stored UE security capabilities for any UE with...
CVE-2026-42081 free5GC: UE Security Capability bypass on NGAP PathSwitchRequest
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the...
EUVD-2026-32557
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the...
CVE-2026-44321 free5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into...