VYPR

Go modules package

github.com/free5gc/smf

pkg:golang/github.com/free5gc/smf

Vulnerabilities (3)

  • CVE-2026-44329CriMay 27, 2026
    affected < 1.4.3fixed 1.4.3

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization h

  • CVE-2026-44328HigMay 27, 2026
    affected < 1.4.3fixed 1.4.3

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/{upNodeRef} handler unconditionally dereferences upNode.UPF afte

  • CVE-2026-44321HigMay 27, 2026
    affected <= 1.4.3

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly i