Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

free5gc — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in free5gc, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

CVE IDTitleCVSSSeverityPublished
CVE-2026-40249 free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors CWE-754 9.1AICriticalAI2026-04-16
CVE-2026-40248 free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions CWE-285 7.5AIHighAI2026-04-16
CVE-2026-40247 free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions CWE-285 5.3AIMediumAI2026-04-16
CVE-2026-40246 free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions CWE-285 5.3AIMediumAI2026-04-16
CVE-2026-40245 Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication CWE-200 7.5 High2026-04-15
CVE-2026-5661 Free5GC NGSetupRequest denial of service CWE-404 5.3 Medium2026-04-06
CVE-2026-5360 Free5GC aper type confusion CWE-843 3.7 Low2026-04-02
CVE-2026-4531 Free5GC AMF handler.go HandleRegistrationComplete denial of service CWE-404 5.3 Medium2026-03-22
CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques CWE-209 3.7 -2026-03-20
CVE-2026-33065 free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request CWE-209 5.3 -2026-03-20
CVE-2026-33064 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference CWE-478 7.5 -2026-03-20
CVE-2026-33191 free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error CWE-158 7.5 -2026-03-20
CVE-2026-2525 Free5GC PFCP UDP Endpoint denial of service CWE-404 5.3 Medium2026-02-16
CVE-2026-1976 Free5GC SMF SessionDeletionResponse null pointer dereference CWE-476 5.3 Medium2026-02-06
CVE-2026-1975 Free5GC pfcp_reports.go identityTriggerType null pointer dereference CWE-476 5.3 Medium2026-02-06
CVE-2026-1974 Free5GC SMF datapath.go ResolveNodeIdToIp denial of service CWE-404 5.3 Medium2026-02-06
CVE-2026-1973 Free5GC SMF establishPfcpSession null pointer dereference CWE-476 5.3 Medium2026-02-06

All 17 known CVE vulnerabilities affecting free5gc with full Chinese analysis, references, and POCs where available.