Lucene search
K

5 matches found

NVD
NVD
added 2026/05/27 5:16 p.m.24 views

CVE-2026-44328

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/upNodeRef handler unconditionally dereferences upNode.UPF after the type-guarded...

8.2CVSS0.00324EPSS
Exploits1References4
NVD
NVD
added 2026/05/27 5:16 p.m.34 views

CVE-2026-44321

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into...

7.5CVSS0.00364EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 3:47 p.m.15 views

CVE-2026-44321

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into...

7.5CVSS5.8AI score0.00364EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 3:39 p.m.9 views

CVE-2026-44328

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/upNodeRef handler unconditionally dereferences upNode.UPF after the type-guarded...

8.2CVSS5.8AI score0.00324EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/27 3:39 p.m.3 views

CVE-2026-44328 free5GC: SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/upNodeRef handler unconditionally dereferences upNode.UPF after the type-guarded...

8.2CVSS6AI score0.00324EPSS
Exploits1References6
Rows per page
Query Builder