Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-40248— free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions

EPSS 0.03% · P8
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-40248

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions
Source: NVD (National Vulnerability Database)
Vulnerability Description
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when validation fails. Execution continues and the subscription is created or overwritten regardless. An unauthenticated attacker with access to the 5G Service Based Interface can create or overwrite arbitrary Traffic Influence Subscriptions, including injecting attacker-controlled notificationUri values and arbitrary SUPIs, by supplying any value for the influenceId path segment. A patched version was not available at the time of publication.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
free5GC 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
free5GC是free5GC开源的一个第 5 代 (5G) 移动核心网络的开源项目。 free5GC 4.2.1及之前版本存在安全漏洞,该漏洞源于UDR服务中创建或更新流量影响订阅的处理程序在验证失败后未正确返回,导致继续执行并创建或覆盖订阅,未经身份验证的攻击者可通过访问5G服务接口创建或覆盖包含攻击者控制通知URI和任意SUPI的流量影响订阅。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
free5gcfree5gc <= 1.4.2 -

II. Public POCs for CVE-2026-40248

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-40248

登录查看更多情报信息。

Same Patch Batch · free5gc · 2026-04-16 · 4 CVEs total

CVE-2026-40247free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Su
CVE-2026-40249free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow uninte
CVE-2026-40246free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence

IV. Related Vulnerabilities

Same product: free5gc
Same vendor: free5gc
Same weakness: CWE-285

V. Comments for CVE-2026-40248

No comments yet

Leave a comment