Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42459 |
|
Vulnerability in github.com/free5gc/udm (CVE-2026-42459)
vulnerability in github.com/free5gc/udm (CVE-2026-42459). Confidential information can be exposed externally. Exploitable via ``supi``.
|
| CVE-2026-42083 |
|
Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
|
| CVE-2026-42082 |
|
Vulnerability in github.com/free5gc/amf (CVE-2026-42082)
vulnerability in github.com/free5gc/amf (CVE-2026-42082). Risk of unauthorized operations or information disclosure. Exploitable via ``OnGoing``.
|
| CVE-2026-42081 |
|
Vulnerability in github.com/free5gc/amf (CVE-2026-42081)
vulnerability in github.com/free5gc/amf (CVE-2026-42081). Risk of unauthorized operations or information disclosure. Exploitable via ``handlePathSwitchRequestMain``.
|
| CVE-2026-44330 |
|
Authorization Flaw in github.com/free5gc/nef (CVE-2026-44330)
vulnerability in github.com/free5gc/nef (CVE-2026-44330). Data can be tampered with by attackers. Exploitable via `GET /applications`.
|
| CVE-2026-44329 |
|
Vulnerability in github.com/free5gc/smf (CVE-2026-44329)
vulnerability in github.com/free5gc/smf (CVE-2026-44329). Data can be tampered with by attackers. Exploitable via `GET /upi/v1/upNodesLinks`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44328 |
|
Vulnerability in github.com/free5gc/smf (CVE-2026-44328)
vulnerability in github.com/free5gc/smf (CVE-2026-44328). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /upi/v1/upNodesLinks/{upNodeRef}`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44327 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44327)
vulnerability in github.com/free5gc/nef (CVE-2026-44327). Data can be tampered with by attackers. Exploitable via ``Authorization``.
|
| CVE-2026-44326 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44326)
vulnerability in github.com/free5gc/nef (CVE-2026-44326). Data can be tampered with by attackers. Exploitable via ``Authorization``.
|
| CVE-2026-44325 |
|
Vulnerability in github.com/free5gc/nrf (CVE-2026-44325)
vulnerability in github.com/free5gc/nrf (CVE-2026-44325). Risk of unauthorized operations or information disclosure. Exploitable via `POST /oauth2/token`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44324 |
|
Vulnerability in github.com/free5gc/udr (CVE-2026-44324)
vulnerability in github.com/free5gc/udr (CVE-2026-44324). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscript`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44323 |
|
Vulnerability in github.com/free5gc/udr (CVE-2026-44323)
vulnerability in github.com/free5gc/udr (CVE-2026-44323). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscript`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44322 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44322)
vulnerability in github.com/free5gc/nef (CVE-2026-44322). Risk of unauthorized operations or information disclosure. Exploitable via `PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId}`. Mitigation: upgrade to `1.2.3` or later.
|
| CVE-2026-44321 |
|
Vulnerability in github.com/free5gc/smf (CVE-2026-44321)
vulnerability in github.com/free5gc/smf (CVE-2026-44321). Risk of unauthorized operations or information disclosure. Exploitable via `POST /upi/v1/upNodesLinks`.
|
| CVE-2026-44320 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44320)
vulnerability in github.com/free5gc/nef (CVE-2026-44320). Risk of unauthorized operations or information disclosure. Exploitable via ``NotifId``.
|
| CVE-2026-44319 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44319)
vulnerability in github.com/free5gc/nef (CVE-2026-44319). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.2.3` or later.
|
| CVE-2026-44318 |
|
Vulnerability in github.com/free5gc/bsf (CVE-2026-44318)
vulnerability in github.com/free5gc/bsf (CVE-2026-44318). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /nbsf-management/v1/subscriptions/{subId}`. Mitigation: upgrade to `1.0.2` or later.
|
| CVE-2026-44317 |
|
Vulnerability in github.com/free5gc/pcf (CVE-2026-44317)
vulnerability in github.com/free5gc/pcf (CVE-2026-44317). Risk of unauthorized operations or information disclosure. Exploitable via `POST /npcf-policyauthorization/v1/app-sessions`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44316 |
|
Vulnerability in github.com/free5gc/pcf (CVE-2026-44316)
vulnerability in github.com/free5gc/pcf (CVE-2026-44316). Risk of unauthorized operations or information disclosure. Exploitable via `POST /npcf-smpolicycontrol/v1/sm-policies`. Mitigation: upgrade to `1.4.2` or later.
|
| CVE-2026-44315 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44315)
vulnerability in github.com/free5gc/nef (CVE-2026-44315). Data can be tampered with by attackers. Exploitable via ``ServiceList``.
|