CVE-2026-44327 critical 10.0
10.0
22h ago
free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler
golang
CVE-2026-44330 critical 10.0
10.0
22h ago
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network a…
golang
CVE-2026-44315 critical 9.4
9.4
21h ago
free5GC's NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions
golang
CVE-2026-44326 critical 9.4
9.4
22h ago
free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions
golang
CVE-2026-44319 high 7.5
7.5
22h ago
free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
golang
CVE-2026-44322 high 7.5
7.5
22h ago
free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference
golang
CVE-2026-44320 high 7.3
7.3
22h ago
free5GC's NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path
golang