VYPR

Go modules package

github.com/free5gc/pcf

pkg:golang/github.com/free5gc/pcf

Vulnerabilities (5)

  • CVE-2026-44317MedMay 27, 2026
    affected < 1.4.3fixed 1.4.3

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" (enabling traffic-routing feature negotiation) and whose

  • CVE-2026-44316HigMay 27, 2026
    affected < 1.4.2fixed 1.4.2

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler (HandleCreateSmPolicyRequest) panics with a nil-pointer dereference when a downstream OpenAPI consumer call (UDR lookup) returns 404 No

  • CVE-2026-42083HigMay 27, 2026
    affected < 1.4.3fixed 1.4.3

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. In NewServer(), the smPolicyGroup route group is crea

  • CVE-2026-41135HigApr 22, 2026
    affected < 1.4.3fixed 1.4.3

    free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause u

  • CVE-2025-60632Nov 24, 2025
    affected < 1.4.0fixed 1.4.0

    An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.