Package impact
Go / github.com/free5gc/pcf
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-42083 | high | 8.2 | 8.2 | 18h ago | Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI | |
| CVE-2026-44316 | high | 7.5 | 7.5 | 18h ago | free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference | |
| CVE-2026-44317 | medium | 6.5 | 6.5 | 18h ago | free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference | |
| CVE-2026-41135 | unknown | — | — | 1mo ago | free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service | |
| CVE-2025-60632 | unknown | — | — | 6mo ago | Free5GC is vulnerable to DoS through its Npcf_BDTPolicyControl POST API in github.com/free5gc/pcf |