Perceptive Security
SOC/SIEM Consultancy
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 midd…
Published:
26 May 2026 at 22:00:00
Alert date:
27 May 2026 at 18:07:10
Source:
nvd.nist.gov
Network Infrastructure, Critical Infrastructure, Emerging Technologies
CVE-2026-44328 affects free5GC, an open-source 5G core network implementation. Prior to version 4.2.2, the SMF component mounts UPI management routes without OAuth2 middleware authentication. The vulnerability allows unauthenticated attackers to send DELETE requests to /upi/v1/upNodesLinks/{upNodeRef} endpoint, causing nil-pointer panics and denial of service. The flaw also mutates in-memory user-plane topology before crashing, creating a state-mutating panic-DoS condition. Off-path network attackers can trigger this vulnerability by targeting any AN entry by name. The issue is resolved in free5GC version 4.2.2.
Technical details
Mitigation steps:
Affected products:
free5GC
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-44328
https://github.com/free5gc/free5gc/issues/905
https://github.com/free5gc/free5gc/security/advisories/GHSA-p9mg-74mg-cwwr
https://github.com/free5gc/smf/commit/b57bc48081c3d3a2f333d02eb78e4fd31a120deb
https://github.com/free5gc/smf/pull/199
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.