| CVE-2026-44324 |
medium |
6.5 |
6.5 |
12h ago |
free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request) |
|
| CVE-2026-44323 |
medium |
4.3 |
4.3 |
12h ago |
free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference) |
|
| CVE-2026-40343 |
unknown |
— |
— |
1mo ago |
free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation |
|
| CVE-2026-40249 |
unknown |
— |
— |
1mo ago |
free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors |
|
| CVE-2026-40248 |
unknown |
— |
— |
1mo ago |
free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions |
|
| CVE-2026-40247 |
unknown |
— |
— |
1mo ago |
free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions |
|
| CVE-2026-40246 |
unknown |
— |
— |
1mo ago |
free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions |
|
| CVE-2026-40245 |
unknown |
— |
— |
1mo ago |
free5gc UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication |
|