Vulnerability in Free5gc
CVE-2026-40249
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/{subsId} does no…
EPSS: 0.000 (10.2th percentile) — read the EPSS interpretation.
Affected products
- Free5gc — versions <= 4.2.1
Weakness classification (CWE)
References
- https://github.com/free5gc/free5gc/security/advisories/GHSA-gx38-8h33-pmxr (x_refsource_CONFIRM)