Package impact
GO / github.com/free5gc/smf
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44329 | critical | 10.0 | 10.0 | 23h ago | free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers | |
| CVE-2026-44328 | high | 8.2 | 8.2 | 22h ago | free5GC's SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating | |
| CVE-2026-44321 | high | 7.5 | 7.5 | 22h ago | free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf) |