Package impact
GO / github.com/free5gc/nef
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44327 | critical | 10.0 | 10.0 | 20h ago | free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler | |
| CVE-2026-44330 | critical | 10.0 | 10.0 | 20h ago | free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions | |
| CVE-2026-44315 | critical | 9.4 | 9.4 | 20h ago | free5GC's NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions | |
| CVE-2026-44326 | critical | 9.4 | 9.4 | 20h ago | free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions |