CVE-2026-42081
6.1 MEDIUM
free5GC is an open-source implementation of the 5G core network
Published: 2026-05-27 · Last updated: 2026-05-29
Severity and scoring
- CVSS: 6.1 MEDIUM
- Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
- CWE: CWE-358
Affected products
| Vendor | Product |
|---|---|
| free5gc | free5gc |
Description
free5GC is an open-source implementation of the 5G core network. Prior to version 4.2.2, the AMF in free5GC does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the AMF's stored UE security capabilities with arbitrary values, which are then propagated in PathSwitchRequest Acknowledge messages and subsequent Handover Request messages. This leads to persistent handover denial-of-service for affected UEs. This vulnerability is fixed in 4.2.2.
Source: NVD
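The check whose absence the description reports, sketched as an added example (not free5GC's code or its 4.2.2 patch). The types `UESecurityCapabilities`, `UEContext` and `PathSwitchCheck` and the function `VerifyPathSwitchCaps` are hypothetical and simplified; the mismatch handling shown (answer with the stored value, log the event, never overwrite the context) is the behaviour assumed here.

```go
package main

import "fmt"

// UESecurityCapabilities is a simplified stand-in for the NGAP IE of the same
// name: one 16-bit algorithm bitmap per family. Not free5GC's own type.
type UESecurityCapabilities struct {
	NREncryption, NRIntegrity, EUTRAEncryption, EUTRAIntegrity [2]byte
}

// UEContext is a hypothetical AMF-side record of what the UE reported at registration.
type UEContext struct {
	SUPI   string
	SecCap UESecurityCapabilities
}

// PathSwitchCheck is the outcome of verifying one PathSwitchRequest.
type PathSwitchCheck struct {
	Mismatch bool
	AckCaps  UESecurityCapabilities // value to place in PathSwitchRequestAcknowledge
	LogEvent string                 // empty when the values match
}

// VerifyPathSwitchCaps compares the capabilities sent by the target gNB with
// the locally stored ones. The stored context is never modified, so a forged
// value cannot reach the acknowledge or a later Handover Request.
func VerifyPathSwitchCaps(ue *UEContext, received UESecurityCapabilities) PathSwitchCheck {
	if received == ue.SecCap {
		return PathSwitchCheck{AckCaps: ue.SecCap}
	}
	return PathSwitchCheck{
		Mismatch: true,
		AckCaps:  ue.SecCap, // answer with the stored value, not the gNB's
		LogEvent: fmt.Sprintf("PathSwitchRequest UE security capability mismatch supi=%s stored=%x received=%x",
			ue.SUPI, ue.SecCap, received),
	}
}

func main() {
	// Constructed sample values, not taken from any real network.
	ue := &UEContext{SUPI: "imsi-001010000000001", SecCap: UESecurityCapabilities{
		NREncryption: [2]byte{0xE0, 0x00}, NRIntegrity: [2]byte{0xE0, 0x00}}}
	forged := UESecurityCapabilities{} // all algorithm bits cleared
	res := VerifyPathSwitchCaps(ue, forged)
	fmt.Println(res.Mismatch, res.LogEvent)
}
```

The `LogEvent` string gives operators a signal to alert on: repeated mismatches from one gNB point at a misbehaving or compromised base station.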
Related CVEs
Same vendor
- CVE-2026-44330 — free5GC is an open-source implementation of the 5G core network (10.0 CRITICAL)
- CVE-2026-44329 — free5GC is an open-source implementation of the 5G core network (10.0 CRITICAL)
- CVE-2026-44328 — free5GC is an open-source implementation of the 5G core network (8.2 HIGH)
- CVE-2026-44327 — free5GC is an open-source implementation of the 5G core network (10.0 CRITICAL)
- CVE-2026-44326 — free5GC is an open-source implementation of the 5G core network (9.4 CRITICAL)
Same CWE
- CVE-2026-11127 — Inappropriate implementation in WebAPKs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain sp... (6.5 MEDIUM)
- CVE-2026-11122 — Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or... (6.1 MEDIUM)
- CVE-2026-44475 — Ella Core is a 5G core designed for private networks (6.1 MEDIUM)
- CVE-2026-44474 — Ella Core is a 5G core designed for private networks (3.7 LOW)
- CVE-2026-44473 — Ella Core is a 5G core designed for private networks (7.1 HIGH)