Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-40249— free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors

EPSS 0.02% · P7
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-40249

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors
Source: NVD (National Vulnerability Database)
Vulnerability Description
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/{subsId} does not return after request body retrieval or deserialization errors. Although HTTP 500 or 400 error responses are sent, execution continues and the processor is invoked with a potentially uninitialized or partially initialized PolicyDataSubscription object. This fail-open behavior may allow unintended modification of existing Policy Data notification subscriptions with invalid or empty input, depending on downstream processor and storage behavior. A patched version was not available at the time of publication.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对因果或异常条件的不恰当检查
Source: NVD (National Vulnerability Database)
Vulnerability Title
free5GC 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
free5GC是free5GC开源的一个第 5 代 (5G) 移动核心网络的开源项目。 free5GC 4.2.1及之前版本存在安全漏洞,该漏洞源于UDR服务中PUT请求处理程序在请求体检索或反序列化错误后未正确返回,导致继续执行并使用可能未初始化或部分初始化的对象调用处理器,可能允许使用无效或空输入意外修改现有策略数据通知订阅。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
free5gcfree5gc <= 4.2.1 -

II. Public POCs for CVE-2026-40249

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-40249

登录查看更多情报信息。

Same Patch Batch · free5gc · 2026-04-16 · 4 CVEs total

CVE-2026-40248free5gc UDR improper path validation allows unauthenticated creation and modification of T
CVE-2026-40247free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Su
CVE-2026-40246free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence

IV. Related Vulnerabilities

Same product: free5gc
Same vendor: free5gc
Same weakness: CWE-754

V. Comments for CVE-2026-40249

No comments yet

Leave a comment