Information disclosure in Free5gc Udr

CVE-2026-27643

free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details (e.g…

EPSS: 0.000 (15.5th percentile) — read the EPSS interpretation.

Affected products

Free5gc Udr — versions <= 1.4.1

Weakness classification (CWE)

CWE-209 — Generation of Error Message Containing Sensitive Information

References

https://github.com/free5gc/free5gc/security/advisories/GHSA-6468-f87j-6g82 (x_refsource_CONFIRM)
https://github.com/free5gc/free5gc/issues/753 (x_refsource_MISC)
https://github.com/free5gc/udr/pull/56 (x_refsource_MISC)
https://github.com/free5gc/udr/commit/754d23b03755ad59077ed529ce3b971e477080c4 (x_refsource_MISC)