CVE-2026-42459 – free5GC: Improper Input Validation and Generation of Error Message Containing Sensitive Information in github.com/free5gc/udm

CVE ID :CVE-2026-42459

Published : May 27, 2026, 3:53 p.m. | 38 minutes ago

Description :free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm (Subscriber Data Management) service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and return a 500 Internal Server Error response that exposes internal infrastructure details. This vulnerability is fixed in 4.2.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-5509 – Arbitrary Command Injection via Browser Developer Console in TP-Link Archer BE450 and BE7200

CVE-2026-4390 – TeamSpeak 3 Server Connection State Management process_resend_queue use after free

CVE-2026-4392 – TeamSpeak 3 Server clientek Handshake assertion

CVE-2026-4391 – TeamSpeak 3 Server ECC Key heap-based overflow