CVE Tools

free5gc

Networking Infrastructureoss-project

72

Cumulative CVEs

7

Monthly snapshots

#49

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting free5gc.

CVE-2026-42081free5GC: UE Security Capability bypass on NGAP PathSwitchRequest6.1May 27, 2026
CVE-2026-42082free5GC: Missing Concurrent NAS SMC Validation During NGAP Handover3.7May 27, 2026
CVE-2026-42083free5GC: PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI8.2May 27, 2026
CVE-2026-42459free5GC: Improper Input Validation and Generation of Error Message Containing Sensitive Information in github.com/free5gc/udm7.5May 27, 2026
CVE-2026-44315free5GC: NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions9.4May 27, 2026
CVE-2026-44316free5GC: PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference7.5May 27, 2026
CVE-2026-44317free5GC: PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference6.5May 27, 2026
CVE-2026-44319free5GC: NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)7.5May 27, 2026
CVE-2026-44320free5GC: NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path7.3May 27, 2026
CVE-2026-44321free5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)7.5May 27, 2026
CVE-2026-44322free5GC: NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference7.5May 27, 2026
CVE-2026-44323free5GC: UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)4.3May 27, 2026
CVE-2026-44324free5GC: UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request)6.5May 27, 2026
CVE-2026-44325free5GC: NRF POST /oauth2/token structured-form parser type-confusion panic family (Reflect.Set on incompatible types)7.5May 27, 2026
CVE-2026-44326free5GC: NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions9.4May 27, 2026