Description
free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details (e.g., invalid character 'n' after top-level value) to remote clients, which can aid attackers in service fingerprinting. All deployments of free5GC using the Nnef_PfdManagement service may be affected. free5gc/udr pull request 56 contains a patch for the issue. There is no direct workaround at the application level. The recommendation is to apply the provided patch.
Published: 2026-02-24
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch Deployment
AI Analysis

Impact

The vulnerability is an improper error handling flaw in the NEF component of free5GC UDR. During parsing of network exposure function (NEF) requests, the component returns internal error details such as the invalid character position to remote clients. This exposes implementation specifics that could aid attackers in service fingerprinting, enabling more targeted attacks. The weakness maps to CWE-209 (Improper Output Neutralization for Security).

Affected Systems

Affected systems are free5GC UDR deployments that use the Nnef_PfdManagement service, specifically versions up to and including 1.4.1. Any implementation of the free5GC stack that incorporates this NEF component is potentially exposed.

Risk and Exploitability

The CVSSv3 score of 6.6 indicates moderate severity. The EPSS score of less than 1% reflects a very low exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw remotely by sending malformed requests to the NEF endpoint; the server then leaks parsing error details. Because the information is second‑party and not actionable for direct code execution, the risk is primarily for reconnaissance. Patch or upgrade is recommended.

Generated by OpenCVE AI on April 17, 2026 at 16:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch from free5gc/udr pull request 56 (commit 754d23b0) to correct the error handling logic.
  • Upgrade to free5GC UDR version 1.4.2 or later, which incorporates the fix.
  • Configure the NEF service to suppress detailed error messages in responses, reducing information leakage if the patch cannot be applied immediately.

Generated by OpenCVE AI on April 17, 2026 at 16:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Feb 2026 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:free5gc:udr:*:*:*:*:*:go:*:*
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Tue, 24 Feb 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Free5gc
Free5gc udr
Vendors & Products Free5gc
Free5gc udr

Tue, 24 Feb 2026 00:45:00 +0000

Type Values Removed Values Added
Description free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details (e.g., invalid character 'n' after top-level value) to remote clients, which can aid attackers in service fingerprinting. All deployments of free5GC using the Nnef_PfdManagement service may be affected. free5gc/udr pull request 56 contains a patch for the issue. There is no direct workaround at the application level. The recommendation is to apply the provided patch.
Title free5GC has improper error handling in NEF with information exposure
Weaknesses CWE-209
References
Metrics cvssV4_0

{'score': 6.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U'}

Subscriptions

Free5gc Udr
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-26T14:36:45.483Z

Reserved: 2026-02-20T22:02:30.029Z

Link: CVE-2026-27643

cve-icon Vulnrichment

Updated: 2026-02-26T14:35:57.336Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-24T01:16:15.543

Modified: 2026-02-25T15:46:38.757

Link: CVE-2026-27643

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T16:15:22Z

Weaknesses