Information disclosure in Free5GC
CVE-2026-33192
Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handlin…
EPSS: 0.000 (3.1th percentile)
Affected products
- Free5gc — versions < 1.4.2
Weakness classification (CWE)
References
- https://github.com/free5gc/free5gc/security/advisories/GHSA-5rvc-5cwx-g5x8 (x_refsource_CONFIRM)
- https://github.com/free5gc/free5gc/issues/784 (x_refsource_MISC)
- https://github.com/free5gc/udm/pull/79 (x_refsource_MISC)