PT-2026-21564

Name of the Vulnerable Software and Affected Versions free5GC go-upf versions prior to 1.2.8 Description The go-upf component of free5GC, a User Plane Function UPF implementation for 5G networks, contains a Heap-based Buffer Overflow. A specially crafted PFCP Session Modification Request with an...

CVE-2025-65564

A denial-of-service vulnerability exists in the omec-upf upf-epc-pfcpiface in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory Recovery Time Stamp Information Element, the association setup handler dereferences a nil pointer...

CVE-2025-29339

Open5GS UPF (up to v2.7.2) is affected by CVE-2025-29339. An assertion failure occurs during PFCP Session Establishment Requests when PDN Type is 0, due to improper handling of an invalid value propagated from SMF (or via direct attack), leading to a fatal assertion and daemon crash. The vulnerab...

CVE-2025-29339

An issue in UPF in Open5GS UPF versions up to v2.7.2 results an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value propagated from SMF or via direct attack, triggerin...