GO-2026-4995 free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers in github.com/free5gc/smf

free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers in github.com/free5gc/smf...

CVE-2026-8187 Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption

A flaw has been found in Open5GS up to 2.7.7. This impacts the function gtpv1urecvcb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. The project was informed of the problem early through an...

PT-2026-39332

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A flaw in the User Plane Function UPF component allows a remote attacker to cause resource consumption. This issue occurs within the gtpv1 u recv cb function located in the src/upf/gtp-path.c file...

Open5GS 资源管理错误漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.7 and earlier contain a resource management vulnerability. This vulnerability stems from operations performed by the gtpv1urecvcb function in th...

CVE-2026-26024

free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP UDP/8805 interface. No known upstrea...

CVE-2025-69232

free5GC is an open-source project for 5th generation 5G mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote...

CVE-2025-69247

free5GC go-upf is the User Plane Function UPF implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow CWE-122 vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially...

CVE-2025-69247 free5GC has Heap Buffer Overflow in UPF Leading to Denial of Service

free5GC go-upf is the User Plane Function UPF implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow CWE-122 vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially...

CVE-2025-69247

The CVE-2025-69247 entry concerns the free5GC go-upf UPF component. Versions prior to 1.2.8 are affected by a Heap-based Buffer Overflow (CWE-122) triggered by a PFCP Session Modification Request with an invalid SDF Filter length field, causing denial of service and potential cascading SMF impact...

CVE-2025-69247 free5GC has Heap Buffer Overflow in UPF Leading to Denial of Service

free5GC go-upf is the User Plane Function UPF implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow CWE-122 vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially...

CVE-2025-69232 free5GC hasProtocol Compliance Violation in UPF Leading to SMF Service Disruption

free5GC is an open-source project for 5th generation 5G mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote...

CVE-2025-69232 free5GC hasProtocol Compliance Violation in UPF Leading to SMF Service Disruption

free5GC is an open-source project for 5th generation 5G mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote...

CVE-2025-69232 free5GC hasProtocol Compliance Violation in UPF Leading to SMF Service Disruption

free5GC is an open-source project for 5th generation 5G mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote...

CVE-2025-70123

An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent state where a...

PT-2026-8008

Name of the Vulnerable Software and Affected Versions free5GC version 4.0.1 Description An improper input validation and protocol compliance issue exists in free5GC version 4.0.1. The UPF component incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This lead...

CVE-2025-70123

Summary of CVE-2025-70123 : In free5GC v4.0.1, the UPF fails to validate a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This leads to an inconsistent UPF state, and a subsequent valid PFCP Session Establishment Request can trigger a cascading failure that disrupts the SMF c...

CVE-2025-70122

CVE-2025-70122 affects free5GC v4.0.1 UPF. The root cause is a heap buffer overflow in SDFFilterFields.UnmarshalBinary (sdf-filter.go) triggered when a declared length exceeds the actual buffer capacity, causing a runtime panic and UPF crash. Documents indicate remote exploitation over the networ...

EUVD-2025-205531

A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messagessession.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may...

UPF 代码问题漏洞

UPF is an open source user interface from the Aether SD-Core Project. A code issue vulnerability exists in UPF 2.1.3-dev and earlier versions, which originates in the PFCP Session Establishment Request Handler component function in file /pfcpiface/pfcpiface/messagessession.go. A null pointer...

CVE-2025-65567

A denial-of-service vulnerability exists in the omec-project UPF pfcpiface component in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a specially crafted PFCP Session Establishment Request with a CreatePDR that contains a malformed Flow-Description is not robustly validated. The...