| CVE-2026-44327 |
critical |
10.0 |
10.0 |
13h ago |
free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler |
|
| CVE-2026-44330 |
critical |
10.0 |
10.0 |
13h ago |
free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions |
|
| CVE-2026-44315 |
critical |
9.4 |
9.4 |
12h ago |
free5GC's NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions |
|
| CVE-2026-44326 |
critical |
9.4 |
9.4 |
13h ago |
free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions |
|
| CVE-2026-44319 |
high |
7.5 |
7.5 |
12h ago |
free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri) |
|
| CVE-2026-44322 |
high |
7.5 |
7.5 |
12h ago |
free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference |
|
| CVE-2026-44320 |
high |
7.3 |
7.3 |
12h ago |
free5GC's NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path |
|