Description
free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service (`/nausf-auth/v1/ue-authentications` endpoint) are affected. A remote attacker can cause the AUSF service to panic and crash by sending a crafted UE authentication request that triggers a nil interface conversion in the `GetSupiFromSuciSupiMap` function. This results in complete denial of service for the AUSF authentication service. The `GetSupiFromSuciSupiMap` function attempts to perform an interface conversion from `interface{}` to `*context.SuciSupiMap` without checking if the underlying value is nil. When `SuciSupiMap` is nil, the code panics with "interface conversion: interface {} is nil, not *context.SuciSupiMap". free5GC AUSF version 1.4.2 patches the issue. There is no direct workaround at the application level. The recommendation is to apply the provided patch or restrict access to the AUSF API to trusted sources only.
Published: 2026-03-20
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via AUSF crash
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from an improper null check in the GetSupiFromSuciSupiMap function of the AUSF UE authentication service. When the function attempts an interface conversion on a nil value, the service panics with "interface conversion: interface {} is nil, not *context.SuciSupiMap". This panic terminates the AUF service, causing a denial of service for all authentication requests that hit the /nausf-auth/v1/ue-authentications endpoint.

Affected Systems

Affected deployments are all free5GC core networks running AUSF versions earlier than 1.4.2, including the long‑term support release free5GC v4.0.1. The vulnerability resides in the AUSF component of the free5GC suite and impacts the UE authentication service. Upgrading to AUSF 1.4.2 or later resolves the issue.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, although the EPSS score of less than 1% suggests the likelihood of exploitation is low at present. The vulnerability is not listed in CISA's KEV catalog. An attacker can trigger the crash by sending a crafted UE authentication request from a remote source, implying a network‑based attack vector. Mitigation requires applying the vendor patch or otherwise blocking external access to the AUSF authentication API.

Generated by OpenCVE AI on March 27, 2026 at 18:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade free5GC AUSF to version 1.4.2 or later
  • Restrict access to the /nausf-auth/v1/ue-authentications endpoint to trusted sources using firewall or network isolation

Generated by OpenCVE AI on March 27, 2026 at 18:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-4jrw-92fg-4jwx free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion
History

Fri, 27 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Free5gc free5gc
CPEs cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*
Vendors & Products Free5gc free5gc
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Fri, 20 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Free5gc
Free5gc ausf
Vendors & Products Free5gc
Free5gc ausf

Fri, 20 Mar 2026 03:15:00 +0000

Type Values Removed Values Added
Description free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service (`/nausf-auth/v1/ue-authentications` endpoint) are affected. A remote attacker can cause the AUSF service to panic and crash by sending a crafted UE authentication request that triggers a nil interface conversion in the `GetSupiFromSuciSupiMap` function. This results in complete denial of service for the AUSF authentication service. The `GetSupiFromSuciSupiMap` function attempts to perform an interface conversion from `interface{}` to `*context.SuciSupiMap` without checking if the underlying value is nil. When `SuciSupiMap` is nil, the code panics with "interface conversion: interface {} is nil, not *context.SuciSupiMap". free5GC AUSF version 1.4.2 patches the issue. There is no direct workaround at the application level. The recommendation is to apply the provided patch or restrict access to the AUSF API to trusted sources only.
Title free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion
Weaknesses CWE-476
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Free5gc Ausf Free5gc
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-20T18:08:33.046Z

Reserved: 2026-03-17T19:27:06.343Z

Link: CVE-2026-33063

cve-icon Vulnrichment

Updated: 2026-03-20T16:36:02.893Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-20T03:16:01.260

Modified: 2026-03-27T17:06:55.163

Link: CVE-2026-33063

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T20:26:48Z

Weaknesses