CVE-2026-40249
Description
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/{subsId} does not return after request body retrieval or deserialization errors. Although HTTP 500 or 400 error responses are sent, execution continues and the processor is invoked with a potentially uninitialized or partially initialized PolicyDataSubscription object. This fail-open behavior may allow unintended modification of existing Policy Data notification subscriptions with invalid or empty input, depending on downstream processor and storage behavior. A patched version was not available at the time of publication.
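The control-flow defect the advisory describes, as an added example that is not free5GC's own code: a hypothetical PUT handler (assumed types and names, plain net/http rather than the project's framework) sends the error response but, on the fail-open path, does not return, so the downstream store is still updated with a zero-value or partially decoded subscription.

```go
package main

import (
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"strings"
)

// PolicyDataSubscription is a hypothetical stand-in for the subscription
// object named in the advisory, not free5GC's own type.
type PolicyDataSubscription struct {
	NotificationURI       string   `json:"notificationUri"`
	MonitoredResourceURIs []string `json:"monitoredResourceUris"`
}

// Store stands in for the downstream processor and storage layer and
// records every subscription it is asked to write.
type Store struct{ Writes []PolicyDataSubscription }

// handlePut reproduces the control-flow defect: after a decoding error it
// sends HTTP 400 but, when failOpen is true, does not return, so the store
// is still updated with whatever Decode left in sub.
func handlePut(store *Store, failOpen bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var sub PolicyDataSubscription
		if err := json.NewDecoder(r.Body).Decode(&sub); err != nil {
			http.Error(w, "malformed body", http.StatusBadRequest)
			if !failOpen {
				return // the fix: the error response is final
			}
		}
		store.Writes = append(store.Writes, sub)
		w.WriteHeader(http.StatusNoContent)
	}
}

// sendPut drives the handler with a constructed body and reports the status
// code, how many writes reached the store, and the last written URI.
func sendPut(failOpen bool, body string) (code, writes int, lastURI string) {
	store := &Store{}
	req := httptest.NewRequest(http.MethodPut, "/subs-to-notify/sub-1", strings.NewReader(body))
	rec := httptest.NewRecorder()
	handlePut(store, failOpen)(rec, req)
	if n := len(store.Writes); n > 0 {
		return rec.Code, n, store.Writes[n-1].NotificationURI
	}
	return rec.Code, 0, ""
}
```

A body whose notificationUri is valid but whose monitoredResourceUris has the wrong type yields a Go UnmarshalTypeError with the first field already populated, which is the "partially initialized" case; a syntactically broken body leaves the zero value, the "uninitialized" case.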
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/free5gc/udr (Go) | <= 1.4.2 | — |
Affected products: 1
Patches: 0
No patches discovered yet.
References (3)
- github.com/free5gc/free5gc/security/advisories/GHSA-gx38-8h33-pmxr (NVD tags: Exploit, Third Party Advisory, Mitigation)
- github.com/advisories/GHSA-gx38-8h33-pmxr (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-40249 (GHSA advisory)