Free5Gc — Vulnerabilities & Security Advisories 53

Browse all 53 CVE security advisories affecting Free5Gc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Free5Gc is an open-source implementation of the 5G core network, primarily utilized by researchers and developers for testing and validating 5G network architectures without proprietary constraints. Its widespread adoption in academic and experimental environments has exposed it to significant security scrutiny, resulting in thirty-three recorded Common Vulnerabilities and Exposures. The most prevalent vulnerability classes include remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls within its microservices-based architecture. While no major public incidents involving widespread exploitation have been widely documented, the high volume of CVEs highlights inherent risks in deploying unhardened core infrastructure components. These flaws underscore the necessity for rigorous security auditing and patch management when integrating Free5Gc into any operational or semi-operational network environment, as default configurations frequently lack robust defense-in-depth mechanisms.

Found 29 results / 53

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-42081 | free5GC: UE Security Capability bypass on NGAP PathSwitchRequest — free5gc | CWE-358 | 6.1 | Medium | 2026-05-27 |
| CVE-2026-42082 | free5GC: Missing Concurrent NAS SMC Validation During NGAP Handover — free5gc | CWE-358 | 3.7 | Low | 2026-05-27 |
| CVE-2026-42083 | free5GC: PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI — free5gc | CWE-862 | 8.2 | High | 2026-05-27 |
| CVE-2026-42459 | free5GC: Improper Input Validation and Generation of Error Message Containing Sensitive Information in github.com/free5gc/udm — free5gc | CWE-20 | - | - | 2026-05-27 |
| CVE-2026-44315 | free5GC: NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions — free5gc | CWE-862 | 9.4 | Critical | 2026-05-27 |
| CVE-2026-44316 | free5GC: PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference — free5gc | CWE-476 | 7.5 | High | 2026-05-27 |
| CVE-2026-44317 | free5GC: PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference — free5gc | CWE-476 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-44319 | free5GC: NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri) — free5gc | CWE-20 | 7.5 | High | 2026-05-27 |
| CVE-2026-44320 | free5GC: NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path — free5gc | CWE-306 | 7.3 | High | 2026-05-27 |
| CVE-2026-44321 | free5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf) — free5gc | CWE-306 | 7.5 | High | 2026-05-27 |
| CVE-2026-44322 | free5GC: NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference — free5gc | CWE-476 | 7.5 | High | 2026-05-27 |
| CVE-2026-44323 | free5GC: UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference) — free5gc | CWE-476 | 4.3 | Medium | 2026-05-27 |
| CVE-2026-44324 | free5GC: UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request) — free5gc | CWE-704 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-44325 | free5GC: NRF POST /oauth2/token structured-form parser type-confusion panic family (Reflect.Set on incompatible types) — free5gc | CWE-20 | 7.5 | High | 2026-05-27 |
| CVE-2026-44326 | free5GC: NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions — free5gc | CWE-862 | 9.4 | Critical | 2026-05-27 |
| CVE-2026-44327 | free5GC: NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler — free5gc | CWE-306 | 10.0 | Critical | 2026-05-27 |
| CVE-2026-44328 | free5GC: SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating — free5gc | CWE-306 | 8.2 | High | 2026-05-27 |
| CVE-2026-44329 | free5GC: SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers — free5gc | CWE-306 | 10.0 | Critical | 2026-05-27 |
| CVE-2026-44330 | free5GC: NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions — free5gc | CWE-863 | 10.0 | Critical | 2026-05-27 |
| CVE-2026-44318 | free5GC: BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions — free5gc | CWE-362 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-40249 | free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors — free5gc | CWE-754 | 9.1 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-40248 | free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions — free5gc | CWE-285 | 7.5 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-40247 | free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions — free5gc | CWE-285 | 5.3 (AI) | Medium (AI) | 2026-04-16 |
| CVE-2026-40246 | free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions — free5gc | CWE-285 | 5.3 (AI) | Medium (AI) | 2026-04-16 |
| CVE-2026-40245 | Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication — free5gc | CWE-200 | 7.5 | High | 2026-04-15 |
| CVE-2026-33192 | free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques — free5gc | CWE-209 | 3.7 | - | 2026-03-20 |
| CVE-2026-33065 | free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request — free5gc | CWE-209 | 5.3 | - | 2026-03-20 |
| CVE-2026-33064 | free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference — free5gc | CWE-478 | 7.5 | - | 2026-03-20 |
| CVE-2026-33191 | free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error — free5gc | CWE-158 | 7.5 | - | 2026-03-20 |

This page lists every published CVE security advisory associated with Free5Gc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.