CVE-2026-42082
3.7 LOWfree5GC is an open-source implementation of the 5G core network
Published: 2026-05-27 · Last updated: 2026-05-28
Severity and scoring
- CVSS
- 3.7 LOW
- Vector
- CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
- CWE
- CWE-358
Affected products
| Vendor | Product |
|---|---|
| free5gc | free5gc |
Description
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command, and vice versa. This can lead to mismatches between NAS and AS security contexts in the network and the UE. This vulnerability is fixed in 4.2.2.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-44330 — free5GC is an open-source implementation of the 5G core network (10.0 CRITICAL)
- CVE-2026-44329 — free5GC is an open-source implementation of the 5G core network (10.0 CRITICAL)
- CVE-2026-44328 — free5GC is an open-source implementation of the 5G core network (8.2 HIGH)
- CVE-2026-44327 — free5GC is an open-source implementation of the 5G core network (10.0 CRITICAL)
- CVE-2026-44326 — free5GC is an open-source implementation of the 5G core network (9.4 CRITICAL)
Same CWE
- CVE-2026-11127 — Inappropriate implementation in WebAPKs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain sp... (6.5 MEDIUM)
- CVE-2026-11122 — Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or... (6.1 MEDIUM)
- CVE-2026-44475 — Ella Core is a 5G core designed for private networks (6.1 MEDIUM)
- CVE-2026-44474 — Ella Core is a 5G core designed for private networks (3.7 LOW)
- CVE-2026-44473 — Ella Core is a 5G core designed for private networks (7.1 HIGH)