Vulnerability in Free5gc Chf

CVE-2026-32937

free5GC is an open source 5G core network. free5GC CHF prior to version 1.2.2 has an out-of-bounds slice access vulnerability in the CHF `nchf-convergedcharging` service. A valid authenticated request to PUT `/nchf-convergedcharging/v3/rec…

EPSS: 0.000 (5.7th percentile) — read the EPSS interpretation.

Affected products

Free5gc Chf — versions < 1.2.2

Weakness classification (CWE)

CWE-129 — Improper Validation of Array Index

References

https://github.com/free5gc/free5gc/security/advisories/GHSA-6g43-577r-wf4x (x_refsource_CONFIRM)
https://github.com/free5gc/free5gc/issues/864 (x_refsource_MISC)
https://github.com/free5gc/chf/pull/61 (x_refsource_MISC)
https://github.com/free5gc/chf/commit/55af766f321a00afa978e806548c96f8a7d2433e (x_refsource_MISC)