CVE-2026-27643

Medium CVSS: 6.6

free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details (e.g., invalid character 'n' after top-level value) to remote clients, which can aid attackers in service fingerprinting. All deployments of free5GC using the Nnef_PfdManagement service may be affected. free5gc/udr pull request 56 contains a patch for the issue. There is no direct workaround at the application level. The recommendation is to apply the provided patch.

Vendor

Free5gc

Product

Udr

CWE

CWE-209

Yayın Tarihi

2026-02-24 01:16:15

Güncelleme

2026-02-25 15:46:38

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-209 Udr MEDIUM Free5gc 2026

Referanslar

https://github.com/free5gc/free5gc/issues/753 https://github.com/free5gc/free5gc/security/advisories/GHSA-6468-f87j-6g82 https://github.com/free5gc/udr/commit/754d23b03755ad59077ed529ce3b971e477080c4 https://github.com/free5gc/udr/pull/56

Benzer Kayıtlar

High

CVE-2026-30653

An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuth…

High

CVE-2026-33192

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.…

High

CVE-2026-33064

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2…

Medium

CVE-2026-33065

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.…

High

CVE-2026-33191

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2…

High

CVE-2026-33062

free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input Validation vulnerabi…