top of page
perceptive_background_267k.jpg

free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerabilit…

Published:

21 april 2026 om 22:00:00

Alert date:

22 april 2026 om 22:11:22

Source:

nvd.nist.gov

Click to open the original link from this advisory

Mobile & IoT, Network Infrastructure, Critical Infrastructure

A memory leak vulnerability in free5GC UDR Policy Control Function (PCF) versions prior to 1.4.3 allows unauthenticated attackers with network access to cause uncontrolled memory growth. The vulnerability is triggered by sending repeated HTTP requests to the OAM endpoint, which registers new CORS middleware on every request due to improper router.Use() call placement. This leads to progressive memory exhaustion and denial of service, preventing user equipment from obtaining AM and SM policies and blocking 5G session establishment. The issue affects the PCF SBI interface and has been patched in version 1.4.3.

Technical details

Mitigation steps:

Affected products:

free5GC
free5GC UDR
free5GC PCF

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-41135
https://github.com/free5gc/free5gc/security/advisories/GHSA-98cp-84m9-q3qp
https://github.com/free5gc/pcf/commit/599803b1b2eb4611e26d5216481ee142bce71a16

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page