What is CVE-2026-5661?

CVE-2026-5661 is a medium-severity vulnerability in Free5gc, classified under Improper Resource Shutdown or Release. CVSS score: 5.3/10. Published 2026-04-06.

How severe is CVE-2026-5661?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Free5gc

CVE-2026-5661

A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available…

EPSS: 0.001 (24.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R.

Affected products

N/a Free5gc — versions 4.2.0

Weakness classification (CWE)

CWE-404 — Improper Resource Shutdown or Release

References

VDB-355485 | Free5GC NGSetupRequest denial of service (vdb-entry)
VDB-355485 | CTI Indicators (IOB, IOC, TTP) (signature, permissions-required)
Submit #785896 | Linux Foundation free5GC 4.2.0 State Synchronization Error (third-party-advisory)
github.com/free5gc/free5gc/issues/832 (issue-tracking)
github.com/free5gc/amf/pull/201 (issue-tracking, patch)
github.com/user-attachments/files/25581199/amfcfg.yaml (exploit)
github.com/free5gc/free5gc/ (product)

Frequently asked questions

What is CVE-2026-5661?: CVE-2026-5661 is a medium-severity vulnerability in Free5gc, classified under Improper Resource Shutdown or Release. CVSS score: 5.3/10. Published 2026-04-06.
How severe is CVE-2026-5661?: Medium severity. CVSS v3 base score is 5.3 out of 10.