Vulnerability in Free5gc

CVE-2026-33191

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes (URL-encoded as…

EPSS: 0.002 (42.5th percentile) — read the EPSS interpretation.

Affected products

Free5gc — versions < 1.4.2

Weakness classification (CWE)

References

https://github.com/free5gc/free5gc/security/advisories/GHSA-p9hg-pq3q-v9gv (x_refsource_CONFIRM)
https://github.com/free5gc/udm/commit/88de9fa74a1b3f3522e53b4cfa2d184712ffa4ee (x_refsource_MISC)