Free5Gc — Vulnerabilities & Security Advisories (33)

Browse all 33 CVE security advisories affecting Free5Gc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Free5Gc is an open-source implementation of the 5G core network, primarily utilized by researchers and developers for testing and validating 5G network architectures without proprietary constraints. Its widespread adoption in academic and experimental environments has exposed it to significant security scrutiny, resulting in thirty-three recorded Common Vulnerabilities and Exposures (CVE) entries. The most prevalent vulnerability classes include remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls within its microservices-based architecture. While no major public incidents involving widespread exploitation have been widely documented, the high volume of CVEs highlights inherent risks in deploying unhardened core infrastructure components. These flaws underscore the necessity for rigorous security auditing and patch management when integrating Free5Gc into any operational or semi-operational network environment, as default configurations frequently lack robust defense-in-depth mechanisms.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41136 | free5GC AMF missing default case in Content-Type switch in HTTPUEContextTransfer | amf | CWE-440 | 9.8 (AI) | Critical (AI) | 2026-04-21 |
| CVE-2026-41135 | free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service | pcf | CWE-400 | 7.5 | High | 2026-04-21 |
| CVE-2026-40343 | free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation | udr | CWE-754 | 5.3 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-40249 | free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors | free5gc | CWE-754 | 9.1 (AI) | Critical (AI) | 2026-04-16 |
| CVE-2026-40248 | free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions | free5gc | CWE-285 | 7.5 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-40247 | free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions | free5gc | CWE-285 | 5.3 (AI) | Medium (AI) | 2026-04-16 |
| CVE-2026-40246 | free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions | free5gc | CWE-285 | 5.3 (AI) | Medium (AI) | 2026-04-16 |
| CVE-2026-40245 | Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication | free5gc | CWE-200 | 7.5 | High | 2026-04-15 |
| CVE-2026-33192 | free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques | free5gc | CWE-209 | 3.7 | - | 2026-03-20 |
| CVE-2026-33065 | free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request | free5gc | CWE-209 | 5.3 | - | 2026-03-20 |
| CVE-2026-33064 | free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference | free5gc | CWE-478 | 7.5 | - | 2026-03-20 |
| CVE-2026-33191 | free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error | free5gc | CWE-158 | 7.5 | - | 2026-03-20 |
| CVE-2026-33063 | free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion | ausf | CWE-476 | 7.5 | - | 2026-03-20 |
| CVE-2026-33062 | free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter | nrf | CWE-284 | 7.5 | - | 2026-03-20 |
| CVE-2026-32937 | free5GC CHF has Out-of-Bounds Slice Access that Leads to DoS | chf | CWE-129 | 6.5 | - | 2026-03-20 |
| CVE-2026-27643 | free5GC has improper error handling in NEF with information exposure | udr | CWE-209 | 5.3 | - | 2026-02-24 |
| CVE-2026-27642 | free5GC has Improper Input Validation in UDM UEAU Service | udm | CWE-20 | 5.3 | - | 2026-02-24 |
| CVE-2026-26025 | free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE | smf | CWE-476 | 7.5 | - | 2026-02-24 |
| CVE-2026-26024 | free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE | smf | CWE-476 | 7.5 | - | 2026-02-24 |
| CVE-2026-25501 | free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.DLDR is set but DownlinkDataReport IE is missing | smf | CWE-476 | 7.5 | - | 2026-02-24 |
| CVE-2025-69253 | free5GC vulnerable to improper error handling in NEF with information exposure | udr | CWE-209 | 5.3 | - | 2026-02-24 |
| CVE-2025-69252 | free5GC has Null Pointer Dereference in UDM, Leading to Service Panic | udm | CWE-476 | 7.5 | - | 2026-02-23 |
| CVE-2025-69251 | free5GC has Improper Input Validation in UDM, Leading to Information Exposure | udm | CWE-20 | 6.5 | - | 2026-02-23 |
| CVE-2025-69250 | free5GC has Improper Error Handling in UDM, Leading to Information Exposure | udm | CWE-754 | 5.3 | - | 2026-02-23 |
| CVE-2025-69248 | free5GC has Array Index Out of Bounds in AMF Leading to Denial of Service | amf | CWE-129 | 7.5 (AI) | High (AI) | 2026-02-23 |
| CVE-2025-69247 | free5GC has Heap Buffer Overflow in UPF Leading to Denial of Service | go-upf | CWE-122 | 7.5 (AI) | High (AI) | 2026-02-23 |
| CVE-2025-69232 | free5GC has Protocol Compliance Violation in UPF Leading to SMF Service Disruption | go-upf | CWE-20 | 7.5 (AI) | High (AI) | 2026-02-23 |
| CVE-2025-69208 | free5GC UDR's NEF incorrectly returns 500 for missing PFD data (UDR 404) in Nnef_PfdManagement GET request | udr | CWE-209 | 7.5 (AI) | High (AI) | 2026-02-23 |
| CVE-2026-1739 | Free5GC pcf smpolicy.go HandleCreateSmPolicyRequest null pointer dereference | pcf | CWE-476 | 5.3 | Medium | 2026-02-02 |
| CVE-2026-1684 | Free5GC SMF PFCP UDP Endpoint pfcp_reports.go HandleReports denial of service | SMF | CWE-404 | 5.3 | Medium | 2026-01-30 |

This page lists every published CVE security advisory associated with Free5Gc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.