Critical severity 10.0 · GHSA Advisory · Published May 27, 2026 · Updated May 28, 2026
CVE-2026-44329
Description
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and the requests reach the SMF business handlers. In the running Docker lab this was directly demonstrated for read (GET /upi/v1/upNodesLinks), write (POST /upi/v1/upNodesLinks with attacker-controlled UP-node and link payload), and delete (DELETE /upi/v1/upNodesLinks/{nodeID}) operations. This vulnerability is fixed in 4.2.2.
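The failure mode described above, as an added example that is not free5GC's code: a stub route group for the UPI paths is probed in-process with no Authorization header, first mounted bare and then behind a bearer-token middleware. The names `upiRoutes`, `requireBearer` and `unauthReachable`, the stub handler and the node ID `constructed-node` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// upiRoutes is a hypothetical stand-in for the SMF handlers mounted under /upi/v1.
func upiRoutes() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/upi/v1/", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })
	return mux
}

// requireBearer rejects a request before any handler runs unless valid() accepts its bearer token.
func requireBearer(valid func(token string) bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		auth := r.Header.Get("Authorization")
		if !strings.HasPrefix(auth, "Bearer ") || !valid(strings.TrimPrefix(auth, "Bearer ")) {
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// unauthReachable lists the "METHOD path" probes that get past h with no Authorization header.
func unauthReachable(h http.Handler) (open []string) {
	probes := [][2]string{
		{"GET", "/upi/v1/upNodesLinks"},
		{"POST", "/upi/v1/upNodesLinks"},
		{"DELETE", "/upi/v1/upNodesLinks/constructed-node"}, // constructed node ID
	}
	for _, p := range probes {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(p[0], p[1], nil))
		if rec.Code != http.StatusUnauthorized && rec.Code != http.StatusForbidden {
			open = append(open, p[0]+" "+p[1])
		}
	}
	return open
}

func main() {
	fmt.Println("no middleware:", unauthReachable(upiRoutes()))
	fmt.Println("with middleware:", unauthReachable(requireBearer(func(string) bool { return false }, upiRoutes())))
}
```

Run as a regression test over every mounted route group, a check of this shape fails the build whenever a group is registered without its authorization middleware.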
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/free5gc/smf (Go) | < 1.4.3 | 1.4.3 |
References
- github.com/free5gc/smf/commit/e23ce97565f285eb99eed153743c62bf4c767c6e (nvd, Patch, WEB)
- github.com/free5gc/smf/pull/197 (nvd, Issue Tracking, Patch, WEB)
- github.com/free5gc/free5gc/issues/887 (nvd, Exploit, Issue Tracking, WEB)
- github.com/free5gc/free5gc/security/advisories/GHSA-3258-qmv8-frp3 (nvd, Exploit, Vendor Advisory, WEB)
- github.com/advisories/GHSA-3258-qmv8-frp3 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-44329 (ghsa, ADVISORY)
News mentions
- Free5gc 4.2.2: 20 CVEs Land in Single Disclosure — Missing Auth, Panics, and Protocol Flaws. Vypr Intelligence · May 27, 2026