
6 matches found

RedhatCVE
added 2026/06/05 7:11 p.m., 7 views

CVE-2026-44321

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into...

CVSS 7.5, AI score 5.5, EPSS 0.00337
Exploits: 1, References: 1
Cvelist
added 2026/05/27 3:47 p.m., 43 views

CVE-2026-44321 free5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into...

CVSS 7.5, EPSS 0.00337
Exploits: 1, References: 4
Vulnrichment
added 2026/05/27 3:38 p.m., 8 views

CVE-2026-44329 free5GC: SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and...

CVSS 10, AI score 5.8, EPSS 0.00305
Exploits: 1, References: 4
CVE
added 2026/05/27 3:38 p.m., 19 views

CVE-2026-44329

CVE-2026-44329 affects free5GC SMF v4.2.1 where the UPI management route group is mounted without OAuth2/bearer-token auth. Consequently, unauthenticated requests to /upi/v1/upNodesLinks (GET, POST with attacker-controlled payload, DELETE /upi/v1/upNodesLinks/{nodeID}) can reach SMF business hand...

CVSS 10, AI score 5.8, EPSS 0.00305
Exploits: 1, References: 4, Affected Software: 1
CNNVD
added 2026/05/27 12:0 a.m., 7 views

free5GC security vulnerability

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained security vulnerabilities. These vulnerabilities stemmed from SMF failing to include the necessary inbound OAuth2 middleware when mounting UPI management routing groups. Th...

CVSS 7.5, AI score 5.8, EPSS 0.00337
Exploits: 1, References: 4
Snyk
added 2026/05/08 11:2 p.m., 3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to the absence of authentication and authorization checks in the UPI management interface. An attacker can gain unauthorized access to read, modify, or delete UP-node and link topology data by sending...

CVSS 10, AI score 5.8, EPSS 0.00305
Exploits: 1, References: 3