VYPR

Free5gc

by Free5gc

Source repositories

CVEs (67)

  • CVE-2026-44330CriMay 27, 2026
    risk 0.65cvss 10.0epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can use a forged or arbitrary bearer token…

  • CVE-2026-44329CriMay 27, 2026
    risk 0.58cvss 10.0epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization…

  • CVE-2026-44327CriMay 27, 2026
    risk 0.58cvss 10.0epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at…

  • CVE-2026-44326CriMay 27, 2026
    risk 0.54cvss 9.4epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, patch, and delete…

  • CVE-2026-44315CriMay 27, 2026
    risk 0.54cvss 9.4epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can create, read, and delete PFD-management…

  • CVE-2026-40246HigApr 16, 2026
    risk 0.49cvss 7.5epss 0.00

    free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP…

  • CVE-2026-44328HigMay 27, 2026
    risk 0.46cvss 8.2epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi/v1/upNodesLinks/{upNodeRef} handler unconditionally dereferences upNode.UPF…

  • CVE-2026-42083HigMay 27, 2026
    risk 0.46cvss 8.2epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. In NewServer(), the smPolicyGroup route group is…

  • CVE-2026-44325HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/api_accesstoken.go reflects over…

  • CVE-2026-44322HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId} handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper…

  • CVE-2026-44321HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly…

  • CVE-2026-44319HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications(), the notifier calls NnefPFDmanagementNotify(...) and…

  • CVE-2026-44316HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler (HandleCreateSmPolicyRequest) panics with a nil-pointer dereference when a downstream OpenAPI consumer call (UDR lookup) returns 404…

  • CVE-2026-42459HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm (Subscriber Data Management) service. An unauthenticated attacker can inject control…

  • CVE-2026-41135HigApr 22, 2026
    risk 0.42cvss 7.5epss 0.01

    free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause…

  • CVE-2026-40248HigApr 16, 2026
    risk 0.42cvss 7.5epss 0.00

    free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after…

  • CVE-2026-40247HigApr 16, 2026
    risk 0.42cvss 7.5epss 0.00

    free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP…

  • CVE-2026-40245HigApr 16, 2026
    risk 0.42cvss 7.5epss 0.01

    Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repository) service. The handler for GET /nudr-dr/v2/application-data/influenceData/s…

  • CVE-2026-44320HigMay 27, 2026
    risk 0.40cvss 7.3epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token (e.g. Authorization: Bearer not-a-real-token) is enough to…

  • CVE-2026-44324MedMay 27, 2026
    risk 0.35cvss 6.5epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when…

Page 1 of 4