Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Free5Gc — Vulnerabilities & Security Advisories 33

Browse all 33 CVE security advisories affecting Free5Gc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Free5Gc:free5gcSMFudrudmpcfgo-upfamfOpen5Gcchfnrfausf
CVE IDTitleCVSSSeverityPublished
CVE-2026-41136 free5GC AMF missing default case in Content-Type switch in HTTPUEContextTransfer — amfCWE-440 9.8AICriticalAI2026-04-21
CVE-2026-41135 free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service — pcfCWE-400 7.5 High2026-04-21
CVE-2026-40343 free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation — udrCWE-754 5.3AIMediumAI2026-04-21
CVE-2026-40249 free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors — free5gcCWE-754 9.1AICriticalAI2026-04-16
CVE-2026-40248 free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions — free5gcCWE-285 7.5AIHighAI2026-04-16
CVE-2026-40247 free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions — free5gcCWE-285 5.3AIMediumAI2026-04-16
CVE-2026-40246 free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions — free5gcCWE-285 5.3AIMediumAI2026-04-16
CVE-2026-40245 Free5GC: UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication — free5gcCWE-200 7.5 High2026-04-15
CVE-2026-33192 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques — free5gcCWE-209 3.7 -2026-03-20
CVE-2026-33065 free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request — free5gcCWE-209 5.3 -2026-03-20
CVE-2026-33064 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference — free5gcCWE-478 7.5 -2026-03-20
CVE-2026-33191 free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error — free5gcCWE-158 7.5 -2026-03-20
CVE-2026-33063 free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion — ausfCWE-476 7.5 -2026-03-20
CVE-2026-33062 free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter — nrfCWE-284 7.5 -2026-03-20
CVE-2026-32937 free5GC CHF has Out-of-Bounds Slice Access that Leads to DoS — chfCWE-129 6.5 -2026-03-20
CVE-2026-27643 free5GC has improper error handling in NEF with information exposure — udrCWE-209 5.3 -2026-02-24
CVE-2026-27642 free5GC has Improper Input Validation in UDM UEAU Service — udmCWE-20 5.3 -2026-02-24
CVE-2026-26025 free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE  — smfCWE-476 7.5 -2026-02-24
CVE-2026-26024 free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE  — smfCWE-476 7.5 -2026-02-24
CVE-2026-25501 free5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.DLDR is set but DownlinkDataReport IE is missing — smfCWE-476 7.5 -2026-02-24
CVE-2025-69253 free5GC vulnerable to improper error handling in NEF with information exposure — udrCWE-209 5.3 -2026-02-24
CVE-2025-69252 free5GC has Null Pointer Dereference in UDM, Leading to Service Panic — udmCWE-476 7.5 -2026-02-23
CVE-2025-69251 free5GC has Improper Input Validation in UDM, Leading to Information Exposure — udmCWE-20 6.5 -2026-02-23
CVE-2025-69250 free5GC has Improper Error Handling in UDM, Leading to Information Exposure — udmCWE-754 5.3 -2026-02-23
CVE-2025-69248 free5GC has Array Index Out of Bounds in AMF Leading to Denial of Service — amfCWE-129 7.5AIHighAI2026-02-23
CVE-2025-69247 free5GC has Heap Buffer Overflow in UPF Leading to Denial of Service — go-upfCWE-122 7.5AIHighAI2026-02-23
CVE-2025-69232 free5GC hasProtocol Compliance Violation in UPF Leading to SMF Service Disruption — go-upfCWE-20 7.5AIHighAI2026-02-23
CVE-2025-69208 free5GC UDR's NEF incorrectly returns 500 for missing PFD data (UDR 404) in Nnef_PfdManagement GET request — udrCWE-209 7.5AIHighAI2026-02-23
CVE-2026-1739 Free5GC pcf smpolicy.go HandleCreateSmPolicyRequest null pointer dereference — pcfCWE-476 5.3 Medium2026-02-02
CVE-2026-1684 Free5GC SMF PFCP UDP Endpoint pfcp_reports.go HandleReports denial of service — SMFCWE-404 5.3 Medium2026-01-30

This page lists every published CVE security advisory associated with Free5Gc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.