threat
engine
.sh
Back
·
··:··
Home
/
Product
/
free5gc
Product
free5gc
62 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-41136
<= 4.2.1
free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an open-source project for 5th generation (5G) mo
5.3
MEDIUM
CVE-2026-41135
<= 4.2.1
free5GC UDR is the Policy Control Function (PCF) for free5GC, an open-source project for 5th generation (5G) mobile core networ
7.5
HIGH
CVE-2026-40343
<= 4.2.1
free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks.
5.8
MEDIUM
CVE-2026-40249
<= 4.2.1
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler f
5.3
MEDIUM
CVE-2026-40248
<= 4.2.1
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for c
7.5
HIGH
CVE-2026-40247
<= 4.2.1
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for r
7.5
HIGH
CVE-2026-40246
<= 1.4.2
free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for d
7.5
HIGH
CVE-2026-40245
<= 4.2.1
Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain
7.5
HIGH
CVE-2026-5360
all versions
A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulat
3.7
LOW
CVE-2026-30653
<= 4.2.0
An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthentication
7.5
HIGH
CVE-2026-33192
< 1.4.2
Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the U
5.3
MEDIUM
CVE-2026-33191
< 1.4.2
Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulne
8.6
HIGH
CVE-2026-33065
< 1.4.2
Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the U
5.3
MEDIUM
CVE-2026-33064
< 1.4.2
Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulne
7.5
HIGH
CVE-2026-33063
< 1.4.2
free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading
7.5
HIGH
CVE-2026-33062
< 1.4.2
free5GC is an open source 5G core network. free5GC NRF prior to version 1.4.2 has an Improper Input Validation vulnerability leadi
7.5
HIGH
CVE-2026-32937
< 1.2.2
free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in t
6.5
MEDIUM
CVE-2026-27643
<= 1.4.1
free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks.
5.3
MEDIUM
CVE-2026-27642
<= 1.4.1
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core network
7.5
HIGH
CVE-2026-26025
<= 1.4.1
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks.
7.5
HIGH
CVE-2026-26024
<= 1.4.1
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks.
7.5
HIGH
CVE-2026-25501
<= 1.4.1
free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks.
7.5
HIGH
CVE-2025-69253
<= 1.4.1
free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of the User Dat
5.3
MEDIUM
CVE-2025-69252
<= 1.4.1
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core network
7.5
HIGH
CVE-2025-69251
<= 1.4.1
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core network
5.3
MEDIUM
CVE-2025-69250
<= 1.4.1
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core network
7.5
HIGH
CVE-2025-69248
<= 1.4.1
free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AM
7.5
HIGH
CVE-2025-69247
< 1.2.8
free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior
7.5
HIGH
CVE-2025-69232
<= 1.4.0
free5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6,
7.5
HIGH
CVE-2025-69208
<= 1.4.1
free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks.
5.3
MEDIUM
CVE-2026-2525
<= 4.1.0
A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such m
5.3
MEDIUM
CVE-2025-70123
all versions
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of
7.5
HIGH
CVE-2025-70122
all versions
A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service v
7.5
HIGH
CVE-2025-70121
all versions
An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of ser
7.5
HIGH
CVE-2026-1976
<= 4.1.0
A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This
5.3
MEDIUM
CVE-2026-1975
<= 4.1.0
A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports
5.3
MEDIUM
CVE-2026-1974
<= 4.1.0
A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/proces
5.3
MEDIUM
CVE-2026-1973
<= 4.1.0
A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component
5.3
MEDIUM
CVE-2026-1739
<= 1.4.1
A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file inter
5.3
MEDIUM
CVE-2026-1684
<= 4.1.0
A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/c
5.3
MEDIUM
CVE-2026-1683
<= 4.1.0
A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportR
5.3
MEDIUM
CVE-2026-1682
<= 4.1.0
A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file interna
5.3
MEDIUM
CVE-2025-66720
all versions
Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId
7.5
HIGH
CVE-2025-66719
all versions
An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck() functio
9.1
CRITICAL
CVE-2025-65562
all versions
The free5GC UPF suffers from a lack of bounds checking on the SEID when processing PFCP Session Deletion Requests. An unauthentica
7.5
HIGH
CVE-2025-65561
all versions
An issue was discovered in function LocalNode.Sess in free5GC 4.1.0 allowing attackers to cause a denial of service or other unspe
7.5
HIGH
CVE-2025-60638
all versions
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to
7.5
HIGH
CVE-2025-60633
all versions
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via the Nudm_SubscriberData
6.5
MEDIUM
CVE-2025-60632
all versions
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to
6.5
MEDIUM
CVE-2025-63679
<= 4.1.0
free5gc v4.1.0 and before is vulnerable to Buffer Overflow. When AMF receives an UplinkRANConfigurationTransfer NGAP message from
7.5
HIGH
CVE-2025-56394
all versions
Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly validates the 5GS mobile identity, resulting in slice referenc
7.5
HIGH
CVE-2025-29632
all versions
Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security
5.4
MEDIUM
CVE-2023-49391
all versions
An issue was discovered in free5GC version 3.3.0, allows remote attackers to execute arbitrary code and cause a denial of service
7.5
HIGH
CVE-2023-47025
all versions
An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component.
5.5
MEDIUM
CVE-2023-47347
all versions
Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Seque
7.5
HIGH
CVE-2023-47345
all versions
Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malform
7.5
HIGH
CVE-2023-47346
all versions
Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted
7.5
HIGH
CVE-2023-46324
< 1.2.0
pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a
7.5
HIGH
CVE-2023-4659
all versions
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform
9.8
CRITICAL
CVE-2022-38871
all versions
In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages.
7.5
HIGH
CVE-2022-38870
all versions
Free5gc v3.2.1 is vulnerable to Information disclosure.
7.5
HIGH
CVE-2022-43677
all versions
In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP decoders via an index-out-of-range panic in aper.GetBitStrin
5.5
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin