Description
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters (e.g., %00) into the supi parameter, triggering internal URL parsing errors (net/url: invalid control character). This exposes system-level error details and can be used for service fingerprinting. All deployments of free5GC using the UDM Nudm_UEAU service may be affected. free5gc/udm pull request 75 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended.
Published: 2026-02-24
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information disclosure and service fingerprinting
Action: Patch
AI Analysis

Impact

The vulnerability in the free5GC Unified Data Management (UDM) service allows remote attackers to inject control characters such as %00 into the supi parameter. This triggers internal URL parsing errors, causing the application to expose system-level error details that can be leveraged for service fingerprinting. The flaw is a classic instance of poor input validation (CWE-20).

Affected Systems

All free5GC deployments running UDM versions up to and including 1.4.1 are affected, as the issue originates in the Nudm_UEAU service implementation. To mitigate, use a version of UDM newer than 1.4.1 or apply the referenced patch.

Risk and Exploitability

The CVSS base score of 6.6 indicates moderate severity, while the EPSS score of less than 1% suggests a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, reinforcing that it is currently low risk. The attack vector is likely remote, requiring an attacker to send a crafted HTTP request to the UDM UEAU endpoint to trigger the error and read the exposed details.

Generated by OpenCVE AI on April 17, 2026 at 16:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch from free5gc’s pull request 75 to upgrade UDM beyond version 1.4.1.
  • Configure firewall or API-gateway rules to limit the UDM UEAU endpoint to trusted IP ranges or internal networks until the patch is applied.
  • Use a reverse proxy to strip or encode control characters from supi parameters before they reach the UDM service, thereby preventing malformed requests from reaching the vulnerable code.
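The failure mode from the Impact section above, and the supi input check that the recommended actions describe placing in front of the service, as an added Go example (not free5GC's own code): the IMSI-only SUPI pattern and the Nudm_UEAU resource path are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
)

// supiPattern accepts the IMSI form of a SUPI: "imsi-" followed by 5 to 15 digits.
// Assumption: this deployment only uses IMSI-based SUPIs; NAI-based SUPIs need their own rule.
var supiPattern = regexp.MustCompile(`^imsi-[0-9]{5,15}$`)

// ValidateSupi rejects anything that is not a well-formed IMSI SUPI, including
// control characters such as the decoded form of %00.
func ValidateSupi(supi string) error {
	if !supiPattern.MatchString(supi) {
		return errors.New("invalid supi")
	}
	return nil
}

// buildUnsafe reproduces the failure mode: the raw supi is concatenated into a URL and
// parsed, so a control character reaches net/url, whose verbose error the vulnerable
// service echoed back. The resource path is illustrative.
func buildUnsafe(base, supi string) (string, error) {
	u, err := url.Parse(base + "/nudm-ueau/v1/" + supi + "/security-information/generate-auth-data")
	if err != nil {
		return "", err
	}
	return u.String(), nil
}

// BuildSafe validates first and returns only a generic, caller-facing error, so
// internal parser messages never reach the client.
func BuildSafe(base, supi string) (string, error) {
	if err := ValidateSupi(supi); err != nil {
		return "", errors.New("bad request: malformed supi")
	}
	return buildUnsafe(base, url.PathEscape(supi))
}

func main() {
	// Constructed input: what the router hands the handler after decoding %00.
	bad := "imsi-20893\x00"
	_, err := buildUnsafe("http://udm.example", bad)
	fmt.Println("unsafe:", err) // leaks: parse "...": net/url: invalid control character in URL
	_, err = BuildSafe("http://udm.example", bad)
	fmt.Println("safe:  ", err) // bad request: malformed supi
}
```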

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 15:15:00 +0000

Type: Metrics (ssvc)
Values added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Feb 2026 16:45:00 +0000

Type: CPEs
Values added: cpe:2.3:a:free5gc:udm:*:*:*:*:*:go:*:*

Type: Metrics (cvssV3_1)
Values added: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Tue, 24 Feb 2026 10:00:00 +0000

Type: First Time appeared
Values added: Free5gc; Free5gc udm

Type: Vendors & Products
Values added: Free5gc; Free5gc udm

Tue, 24 Feb 2026 00:45:00 +0000

Type: Description
Values added: free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters (e.g., %00) into the supi parameter, triggering internal URL parsing errors (net/url: invalid control character). This exposes system-level error details and can be used for service fingerprinting. All deployments of free5GC using the UDM Nudm_UEAU service may be affected. free5gc/udm pull request 75 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended.

Type: Title
Values added: free5GC has Improper Input Validation in UDM UEAU Service

Type: Weaknesses
Values added: CWE-20

Type: References

Type: Metrics (cvssV4_0)
Values added: {'score': 6.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-26T14:33:35.020Z

Reserved: 2026-02-20T22:02:30.029Z

Link: CVE-2026-27642

Vulnrichment

Updated: 2026-02-26T14:33:15.576Z

NVD

Status : Analyzed

Published: 2026-02-24T01:16:15.390

Modified: 2026-02-25T16:44:26.120

Link: CVE-2026-27642

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T16:15:22Z

Weaknesses