Browse all 33 CVE security advisories affecting Free5GC. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Free5Gc is an open-source implementation of the 5G core network, primarily utilized by researchers and developers for testing and validating 5G network architectures without proprietary constraints. Its widespread adoption in academic and experimental environments has exposed it to significant security scrutiny, resulting in thirty-three recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls within its microservices-based architecture. While no major public incidents involving widespread exploitation have been widely documented, the high volume of CVEs highlights inherent risks in deploying unhardened core infrastructure components. These flaws underscore the necessity for rigorous security auditing and patch management when integrating Free5Gc into any operational or semi-operational network environment, as default configurations frequently lack robust defense-in-depth mechanisms.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1683 | Free5GC SMF PFCP handler.go HandlePfcpSessionReportRequest denial of service — SMFCWE-404 | 5.3 | Medium | 2026-01-30 |
| CVE-2026-1682 | Free5GC SMF PFCP UDP Endpoint handler.go HandlePfcpAssociationReleaseRequest null pointer dereference — SMFCWE-476 | 5.3 | Medium | 2026-01-30 |
| CVE-2023-4659 | Cross-Site Request Forgery in Free5Gc — Open5GcCWE-352 | 9.8 | Critical | 2023-10-02 |
This page lists every published CVE security advisory associated with Free5GC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.