Vulnerabilities in Free5Gc
53 resultsCVE-2026-44327CRITICALfree5GC: NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handlerEPSS 0.3%CVE-2026-25501MEDIUMfree5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.DLDR is set but DownlinkDataReport IE is missingEPSS 0.3%CVE-2026-26025MEDIUMfree5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE EPSS 0.3%CVE-2026-26024MEDIUMfree5GC SMF crash (nil pointer dereference) on PFCP SessionReportRequest when ReportType.USAR=1 and UsageReport omits mandatory URRID sub-IE EPSS 0.3%CVE-2026-44330CRITICALfree5GC: NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptionsEPSS 0.3%CVE-2026-33065MEDIUMfree5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions requestEPSS 0.3%CVE-2026-41136MEDIUMfree5GC AMF missing default case in Content-Type switch in HTTPUEContextTransferEPSS 0.3%CVE-2026-27643MEDIUMfree5GC has improper error handling in NEF with information exposureEPSS 0.3%CVE-2025-69208LOWfree5GC UDR's NEF incorrectly returns 500 for missing PFD data (UDR 404) in Nnef_PfdManagement GET requestEPSS 0.3%CVE-2026-44318MEDIUMfree5GC: BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on SubscriptionsEPSS 0.3%CVE-2026-42081MEDIUMfree5GC: UE Security Capability bypass on NGAP PathSwitchRequestEPSS 0.3%CVE-2026-42082LOWfree5GC: Missing Concurrent NAS SMC Validation During NGAP HandoverEPSS 0.3%CVE-2026-44320HIGHfree5GC: NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing pathEPSS 0.2%