Package impact
GO / github.com/free5gc/smf
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44329 | critical | 10.0 | 10.0 | 1d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network at… | |
| CVE-2026-44328 | high | 8.2 | 8.2 | 1d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi… | |
| CVE-2026-44321 | high | 7.5 | 7.5 | 1d ago | free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf) |