7.5

CVE-2026-44321

Exploit

free5GC: SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. The POST /upi/v1/upNodesLinks create-or-update handler accepts attacker-controlled JSON and passes it directly into UpNodesFromConfiguration(), which calls logger.InitLog.Fatalf(...) on several validation failures. One confirmed path is the UE-IP-pool overlap check: a single unauthenticated POST that adds a new UPF whose pool overlaps an existing UPF terminates the entire SMF process (docker ps shows Exited (1)), not just the goroutine. This vulnerability is fixed in 4.2.2.
Data provided by the National Vulnerability Database (NVD)
Free5gc / Free5gc, Version < 4.2.2
No warning was found for this CVE.
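EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.36% | 0.282 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
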
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
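
The description names two root causes: a management route with no authentication, and a Fatalf reachable from request data. The Go code below is an added example, not free5GC's code or its 4.2.2 patch. It shows the hardened shape of such a handler: callers are authenticated first, and a malformed or overlapping UE IP pool is returned as an error and answered with HTTP 400. The names addUPF, upiHandler and authOK, the one-pool request shape and the in-memory store are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/netip"
	"sync"
)

var (
	mu    sync.Mutex
	pools = map[netip.Prefix]string{} // UE IP pool -> owning UPF (hypothetical store)
)

// addUPF records cidr for upf; bad input is returned as an error, never a process exit.
func addUPF(upf, cidr string) error {
	p, err := netip.ParsePrefix(cidr)
	if err != nil {
		return fmt.Errorf("pool %q: %w", cidr, err)
	}
	mu.Lock()
	defer mu.Unlock()
	for q, owner := range pools {
		if owner != upf && p.Overlaps(q) {
			return fmt.Errorf("pool %s overlaps %s of %s", p, q, owner)
		}
	}
	pools[p] = upf
	return nil
}

// upiHandler authenticates first (authOK is an assumed token check), then maps bad input to 400.
func upiHandler(authOK func(*http.Request) bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var n struct{ Name, Pool string } // hypothetical request shape
		if !authOK(r) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
		} else if json.NewDecoder(http.MaxBytesReader(w, r.Body, 1<<16)).Decode(&n) != nil {
			http.Error(w, "bad JSON", http.StatusBadRequest)
		} else if err := addUPF(n.Name, n.Pool); err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
		} else {
			w.WriteHeader(http.StatusCreated)
		}
	}
}

// Loopback-only demo; this placeholder authOK denies every caller until real token validation is wired in.
func main() { http.ListenAndServe("127.0.0.1:8080", upiHandler(func(*http.Request) bool { return false })) }
```
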

https://github.com/free5gc/free5gc/security/advisories/GHSA-44qj-cghf-9p97 (Vendor Advisory, Exploit)
https://github.com/free5gc/free5gc/issues/906 (Exploit, Issue Tracking)
https://github.com/free5gc/smf/pull/203 (Patch, Issue Tracking)
https://github.com/free5gc/smf/commit/e0974e07ddab44a67d36a563cca383b2449e33e5 (Patch)