Medium severity5.3NVD Advisory· Published Mar 22, 2026· Updated Apr 24, 2026
CVE-2026-4531
CVE-2026-4531
Description
A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed from remote. This patch is called 52e9386401ce56ea773c5aa587d4cdf7d53da799. It is best practice to apply a patch to resolve this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/free5gc/amfGo | < 1.4.3-0.20260306074636-52e9386401ce | 1.4.3-0.20260306074636-52e9386401ce |
Affected products
1Patches
152e9386401ceMerge pull request #198 from wiwi878/fix/gmm/guard-registration-complete-before-accept
1 file changed · +3 −0
internal/gmm/handler.go+3 −0 modified@@ -2224,6 +2224,9 @@ func HandleRegistrationComplete(ue *context.AmfUe, accessType models.AccessType, ) error { ue.GmmLog.Info("Handle Registration Complete") + if ue.T3550 == nil { + return fmt.Errorf("unexpected Registration Complete: T3550 not running") + } ue.StopT3550() // Release existed old SmContext when Initial Registration completed
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- github.com/advisories/GHSA-xq44-64rg-8g3hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-4531ghsaADVISORY
- github.com/free5gc/amf/commit/52e9386401ce56ea773c5aa587d4cdf7d53da799nvdWEB
- github.com/free5gc/amf/pull/198nvdWEB
- github.com/free5gc/free5gc/issues/792nvdWEB
- vuldb.comnvdWEB
- vuldb.comnvdWEB
- vuldb.comnvdWEB
News mentions
0No linked articles in our index yet.