High severity 7.5 · GHSA Advisory · Published May 27, 2026 · Updated May 28, 2026

CVE-2026-42459

Description

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm (Subscriber Data Management) service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and return a 500 Internal Server Error response that exposes internal infrastructure details. This vulnerability is fixed in 4.2.2.
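The missing check described above can be illustrated with a strict allow-list validator that runs on the decoded path segment before any request to UDR is built. This is an added example, not the free5GC patch or code from the project: the names `ValidateSupi` and `StatusFor` are hypothetical, the sample inputs are constructed, and it assumes only IMSI-based SUPIs ("imsi-" followed by 5 to 15 digits) need to be accepted.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"unicode"
)

// Assumption: only IMSI-based SUPIs are accepted ("imsi-" + 5..15 digits).
// Go's `$` without the (?m) flag matches only at end of text, so a trailing
// newline cannot slip past the anchor.
var imsiSupi = regexp.MustCompile(`^imsi-[0-9]{5,15}$`)

// ValidateSupi (hypothetical helper) percent-decodes the raw path segment and
// rejects it unless it is a well-formed SUPI. It must run before the value is
// placed into any upstream (UDR) request URL.
func ValidateSupi(rawSegment string) (string, error) {
	supi, err := url.PathUnescape(rawSegment)
	if err != nil {
		return "", errors.New("malformed percent-encoding in supi")
	}
	for _, r := range supi {
		if unicode.IsControl(r) { // CR, LF, NUL, TAB, DEL, ...
			return "", errors.New("control character in supi")
		}
	}
	if !imsiSupi.MatchString(supi) {
		return "", errors.New("supi does not match expected format")
	}
	return supi, nil
}

// StatusFor (hypothetical helper) shows the status a handler would return:
// a generic 400 for bad input instead of forwarding it and relaying a 500.
func StatusFor(rawSegment string) int {
	if _, err := ValidateSupi(rawSegment); err != nil {
		return 400
	}
	return 200
}

func main() {
	// Constructed sample inputs.
	for _, s := range []string{"imsi-208930000000001", "imsi-20893%0d%0a", "imsi-2089300%00", "imsi-12%zz"} {
		fmt.Printf("%q -> %d\n", s, StatusFor(s))
	}
}
```

Rejecting at the edge with a fixed 400 body also keeps upstream error text, which is where the internal details leak from, out of the response.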

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: github.com/free5gc/udm (Go)
Affected versions: <= 1.4.3
Patched versions: (none listed)
