CVE-2026-42459 – free5GC: Improper Input Validation and Generation of Error Message Containing Sensitive Information in github.com/free5gc/udm

CVE ID :CVE-2026-42459

Published : May 27, 2026, 3:53 p.m. | 38 minutes ago

Description :free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm (Subscriber Data Management) service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and return a 500 Internal Server Error response that exposes internal infrastructure details. This vulnerability is fixed in 4.2.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-42081 – free5GC: UE Security Capability bypass on NGAP PathSwitchRequest

CVE-2026-42082 – free5GC: Missing Concurrent NAS SMC Validation During NGAP Handover

CVE-2026-42083 – free5GC: PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI

CVE-2026-44315 – free5GC: NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions