Critical severity 10.0 · GHSA Advisory · Published May 27, 2026 · Updated May 28, 2026
CVE-2026-44327
Description
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the handler returns 200 OK. The current OAM handler is a stub that returns null, but the structural defect is route-group-scoped: the entire OAM route group has no inbound auth middleware, so every future OAM operation added to this group inherits the missing auth boundary by default. This vulnerability is fixed in 4.2.2.
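The group-scoped boundary described above, as an added example written against Go's standard `net/http` rather than free5GC's own router code: the guard wraps the whole route group, so a handler registered later is covered as well. The `/nnef-oam/` path prefix, `requireBearer`, `validate`, `probe` and the token value are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// requireBearer guards a whole route group with a bearer-token check.
// validate is a hypothetical stand-in for real OAuth2 access-token verification.
func requireBearer(validate func(string) bool, group http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		if !strings.HasPrefix(h, "Bearer ") || !validate(strings.TrimPrefix(h, "Bearer ")) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		group.ServeHTTP(w, r)
	})
}

// stub mirrors the advisory's OAM handler: 200 OK with a null body.
func stub(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "null") }

// status sends a GET to h and returns the response code.
func status(h http.Handler, path, authz string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	if authz != "" {
		req.Header.Set("Authorization", authz)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

// probe returns status codes for: unguarded group with no header, guarded group
// with no header, guarded group with a valid token, later-added route with no header.
func probe() [4]int {
	validate := func(t string) bool { return t == "constructed-test-token" }
	oam := http.NewServeMux() // constructed path prefix, not free5GC's real route
	oam.HandleFunc("/nnef-oam/", stub)
	guarded := requireBearer(validate, oam)
	oam.HandleFunc("/nnef-oam/future-op", stub) // added after the guard was mounted
	return [4]int{status(oam, "/nnef-oam/", ""), status(guarded, "/nnef-oam/", ""),
		status(guarded, "/nnef-oam/", "Bearer constructed-test-token"),
		status(guarded, "/nnef-oam/future-op", "")}
}

func main() { fmt.Println(probe()) }
```

A check like `probe` works as a regression test: any request to the group without an `Authorization` header must come back 401, including routes added after the group was first mounted.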
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/free5gc/nef (Go) | <= 1.2.3 | — |
References
- github.com/free5gc/nef/pull/23 · nvd · Issue Tracking · Patch · WEB
- github.com/free5gc/free5gc/issues/861 · nvd · Exploit · Issue Tracking · WEB
- github.com/free5gc/free5gc/security/advisories/GHSA-cmpj-2x3g-m7g3 · nvd · Exploit · Vendor Advisory · WEB
- github.com/advisories/GHSA-cmpj-2x3g-m7g3 · ghsa · ADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-44327 · ghsa · ADVISORY
News mentions
- Free5gc 4.2.2: 20 CVEs Land in Single Disclosure — Missing Auth, Panics, and Protocol Flaws · Vypr Intelligence · May 27, 2026