VYPR

Free5gc

by Free5gc

CVEs (67)

  • CVE-2026-44318 | Med | May 27, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write on the global Subscriptions map. The handler first reads the map under RLock() via…

  • CVE-2026-44317 | Med | May 27, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" (enabling traffic-routing feature negotiation) and…

  • CVE-2026-42081 | Med | May 27, 2026
    risk 0.33 | cvss 6.1 | epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious…

  • CVE-2026-40343 | Med | Apr 22, 2026
    risk 0.31 | cvss 5.8 | epss 0.10

    free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the `/nudr-dr/v2/policy-data/subs-to-notify` POST…

  • CVE-2026-41136 | Med | Apr 22, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Prior to version 1.4.3, the `HTTPUEContextTransfer` handler in `internal/sbi/api_communication.go` does not include a `default`…

  • CVE-2026-40249 | Med | Apr 16, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/{subsId} does not return after request body retrieval or…

  • CVE-2026-4531 | Med | Mar 22, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed remotely. This patch is called…

  • CVE-2026-44323 | Med | May 27, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated…

  • CVE-2026-42082 | Low | May 27, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS…

  • CVE-2026-5360 | Low | Apr 2, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as…

  • CVE-2022-38870 | Oct 25, 2022
    risk 0.04 | cvss n/a | epss 0.03

    Free5gc v3.2.1 is vulnerable to information disclosure.

  • CVE-2026-47780 | Jun 11, 2026
    risk 0.00 | cvss n/a | epss 0.00

    The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative `|.+`. This causes the validation logic to accept any non-empty string rather…

  • CVE-2026-30653 | Mar 24, 2026
    risk 0.00 | cvss n/a | epss 0.00

    An issue in Free5GC v4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF.

  • CVE-2026-33192 | Mar 20, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handling PATCH requests with an empty supi path…

  • CVE-2026-33065 | Mar 20, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handling DELETE requests with an empty supi…

  • CVE-2026-33064 | Mar 20, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic…

  • CVE-2026-33191 | Mar 20, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes (URL-encoded as %00) into the supi path parameter of the…

  • CVE-2026-26025 | Feb 24, 2026
    risk 0.00 | cvss n/a | epss 0.00

    free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805)…

  • CVE-2026-26024 | Feb 24, 2026
    risk 0.00 | cvss n/a | epss 0.00

    free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805)…

  • CVE-2025-69208 | Feb 23, 2026
    risk 0.00 | cvss n/a | epss 0.00

    free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions prior to 1.4.1 contain an Improper Error Handling vulnerability with Information Exposure. All deployments of free5GC using the…