| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2026-44329 |
critical |
10.0 |
10.0 |
13h ago |
free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers |
|
| CVE-2026-44328 |
high |
8.2 |
8.2 |
13h ago |
free5GC's SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating |
|
| CVE-2026-44321 |
high |
7.5 |
7.5 |
13h ago |
free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf) |
|