


Perceptive Security
SOC/SIEM Consultancy

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vuln…
Published:
15 April 2026 at 22:00:00
Alert date:
16 April 2026 at 01:02:25
Source:
nvd.nist.gov
Mobile & IoT, Network Infrastructure, Critical Infrastructure
Free5GC versions 4.2.1 and below contain an information disclosure vulnerability in the UDR service. The vulnerability allows unauthenticated attackers to retrieve sensitive subscriber identifiers (SUPI/IMSI values) through a parameterless HTTP GET request. The flaw occurs when the handler sends an HTTP 400 error but doesn't return, causing execution to continue and expose the full list of Traffic Influence Subscriptions. This undermines 5G privacy guarantees and the 3GPP SUCI concealment mechanism at the core network level.
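The missing-return pattern described above, reduced to a pair of Go net/http handlers as an added example. This is not Free5GC's code: the handler names, the request path and the SUPI values are constructed for illustration. The probe function doubles as a regression check for the flaw's signature, an error status whose body still carries subscriber data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed sample records; the SUPI values are placeholders, not real identifiers.
var subscriptions = []map[string]string{
	{"supi": "imsi-000000000000001"},
	{"supi": "imsi-000000000000002"},
}

// vulnerableList shows the bug class: the 400 status is written, but without
// a return the handler falls through and serializes every record.
func vulnerableList(w http.ResponseWriter, r *http.Request) {
	if len(r.URL.Query()) == 0 {
		w.WriteHeader(http.StatusBadRequest)
		// BUG: no return here, so execution continues below.
	}
	json.NewEncoder(w).Encode(subscriptions) // query filtering omitted for brevity
}

// fixedList stops immediately after sending the error response.
func fixedList(w http.ResponseWriter, r *http.Request) {
	if len(r.URL.Query()) == 0 {
		http.Error(w, "missing query parameters", http.StatusBadRequest)
		return
	}
	json.NewEncoder(w).Encode(subscriptions) // query filtering omitted for brevity
}

// probe issues a parameterless GET against a handler in-process and reports
// the status code and whether any SUPI-looking value appears in the body.
func probe(h http.HandlerFunc) (int, bool) {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodGet, "/example/subscriptions", nil))
	return rec.Code, strings.Contains(rec.Body.String(), "imsi-")
}

func main() {
	vc, vl := probe(vulnerableList)
	fc, fl := probe(fixedList)
	fmt.Printf("vulnerable: status=%d leaked=%v\n", vc, vl)
	fmt.Printf("fixed:      status=%d leaked=%v\n", fc, fl)
}
```

Both handlers answer 400, so a check on the status code alone does not distinguish them; the response body has to be inspected as well.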
Affected products:
Free5GC
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-40245
https://github.com/free5gc/free5gc/security/advisories/GHSA-wrwh-rpq4-87hf
This article was created with the assistance of AI technology by Perceptive.
