Information disclosure in Free5gc

CVE-2026-33065

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handlin…

EPSS: 0.000 (15.5th percentile) — read the EPSS interpretation.

Affected products

Free5gc — versions < 1.4.2

Weakness classification (CWE)

CWE-209 — Generation of Error Message Containing Sensitive Information

References

https://github.com/free5gc/free5gc/security/advisories/GHSA-958m-gxmc-mccm (x_refsource_CONFIRM)
https://github.com/free5gc/free5gc/issues/783 (x_refsource_MISC)
https://github.com/free5gc/udm/pull/79 (x_refsource_MISC)
https://github.com/free5gc/udm/commit/88de9fa74a1b3f3522e53b4cfa2d184712ffa4ee (x_refsource_MISC)