Vulnerabilidades em Free5GC
53 resultadosCVE-2026-44319HIGHfree5GC: NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)EPSS 0.4%CVE-2025-69250MEDIUMfree5GC has Improper Error Handling in UDM, Leading to Information ExposureEPSS 0.4%CVE-2026-44325HIGHfree5GC: NRF POST /oauth2/token structured-form parser type-confusion panic family (Reflect.Set on incompatible types)EPSS 0.4%CVE-2026-44322HIGHfree5GC: NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereferenceEPSS 0.4%CVE-2026-40246HIGHfree5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence SubscriptionsEPSS 0.4%CVE-2026-44321HIGHfree5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)EPSS 0.4%CVE-2025-69232LOWfree5GC hasProtocol Compliance Violation in UPF Leading to SMF Service DisruptionEPSS 0.4%CVE-2026-33191HIGHfree5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server ErrorEPSS 0.4%CVE-2026-44317MEDIUMfree5GC: PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereferenceEPSS 0.4%CVE-2026-44323MEDIUMfree5GC: UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)EPSS 0.4%CVE-2025-69253MEDIUMfree5GC vulnerable to improper error handling in NEF with information exposureEPSS 0.3%CVE-2026-44329CRITICALfree5GC: SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlersEPSS 0.3%CVE-2023-4659CRITICALCross-Site Request Forgery in Free5GcEPSS 0.3%CVE-2026-42459HIGHfree5GC: Improper Input Validation and Generation of Error Message Containing Sensitive Information in github.com/free5gc/udmEPSS 0.3%CVE-2026-44328HIGHfree5GC: SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutatingEPSS 0.3%CVE-2026-42083HIGHfree5GC: PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPIEPSS 0.3%CVE-2026-33192HIGHfree5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions requesEPSS 0.3%CVE-2026-40249MEDIUMfree5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errorsEPSS 0.3%CVE-2026-44315CRITICALfree5GC: NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactionsEPSS 0.3%CVE-2026-44326CRITICALfree5GC: NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptionsEPSS 0.3%