| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2026-44327 |
critical |
10.0 |
10.0 |
13h ago |
free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler |
|
| CVE-2026-44330 |
critical |
10.0 |
10.0 |
13h ago |
free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions |
|
| CVE-2026-44315 |
critical |
9.4 |
9.4 |
12h ago |
free5GC's NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions |
|
| CVE-2026-44326 |
critical |
9.4 |
9.4 |
12h ago |
free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions |
|