VYPR

Free5gc

by Free5gc

Source repositories

CVEs (67)

  • CVE-2026-2525Feb 16, 2026
    risk 0.00cvss epss 0.00

    A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

  • CVE-2025-70121Feb 13, 2026
    risk 0.00cvss epss 0.00

    An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method (NAS_MobileIdentity5GS.go) when…

  • CVE-2025-70122Feb 13, 2026
    risk 0.00cvss epss 0.00

    A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function (sdf-filter.go) when processing a…

  • CVE-2025-70123Feb 13, 2026
    risk 0.00cvss epss 0.00

    An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent…

  • CVE-2026-1976Feb 6, 2026
    risk 0.00cvss epss 0.01

    A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public…

  • CVE-2026-1975Feb 6, 2026
    risk 0.00cvss epss 0.01

    A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may…

  • CVE-2026-1974Feb 6, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is…

  • CVE-2026-1973Feb 6, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been publicly disclosed and…

  • CVE-2026-1684Jan 30, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcp_reports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. The attack can be executed remotely. It is…

  • CVE-2026-1683Jan 30, 2026
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The manipulation leads to denial of service. Remote exploitation of the…

  • CVE-2026-1682Jan 30, 2026
    risk 0.00cvss epss 0.01

    A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. The attack may be…

  • CVE-2025-66720Jan 23, 2026
    risk 0.00cvss epss 0.00

    Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId.

  • CVE-2025-65561Dec 18, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in function LocalNode.Sess in free5GC 4.1.0 allowing attackers to cause a denial of service or other unspecified impacts via crafted header Local SEID to the PFCP Session Modification Request.

  • CVE-2025-65562Dec 18, 2025
    risk 0.00cvss epss 0.00

    The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthenticated remote attacker can send a request with a very large SEID (e.g., 0xFFFFFFFFFFFFFFFF) that causes an integer conversion/underflow in…

  • CVE-2025-60633Nov 24, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberDataManagement API.

  • CVE-2025-60632Nov 24, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.

  • CVE-2025-60638Nov 24, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Nnssf_NSSAIAvailability API.

  • CVE-2025-63679Nov 12, 2025
    risk 0.00cvss epss 0.00

    free5gc v4.1.0 and before is vulnerable to Buffer Overflow. When AMF receives an UplinkRANConfigurationTransfer NGAP message from a gNB, the AMF process crashes.

  • CVE-2025-56394Sep 23, 2025
    risk 0.00cvss epss 0.00

    Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly validates the 5GS mobile identity, resulting in slice reference overflow.

  • CVE-2025-29632May 29, 2025
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components