Description
Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter. Additionally, the UDM incorrectly translates the PATCH method to PUT when forwarding to UDR, indicating a deeper architectural issue. This leaks internal error handling behavior, making it difficult for clients to distinguish between client-side errors and server-side failures. The issue has been patched in version 1.4.2.
Published: 2026-03-20
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Leakage
Action: Immediate Patch
AI Analysis

Impact

The UDM component of free5GC mishandles PATCH requests to update sdm-subscriptions when the supi path parameter is empty. Instead of propagating the downstream 400 Bad Request from the UDR, it converts the response into a 500 Internal Server Error. This reversal exposes internal error‑handling behavior, preventing clients from distinguishing between client‑side errors and server failures. The weakness is classed as CWE‑209 Information Exposure.

Affected Systems

All releases of free5GC prior to version 1.4.2, specifically the UDM service identified by the CPES cpe:2.3:a:free5gc:udm. The vendor product is free5gc:free5gc. No sub‑release details are provided beyond the major version, so any build before 1.4.2 is considered impacted.

Risk and Exploitability

The CVSS score of 8.7 marks the vulnerability as high severity, while an EPSS score of less than 1% and absence from KEV suggest limited current exploitation. The flaw can be triggered through external network traffic by sending a PATCH request with an empty supi value, leading to error‑handling leakage. Attackers could map server responses to infer service behavior, making the impact significant in reachable environments.

Generated by OpenCVE AI on March 23, 2026 at 19:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade free5GC to version 1.4.2 or later, where the bug is fixed.
  • Verify that the UDM service now validates the supi parameter and returns a proper 400 status when it is missing.
  • Apply regular security updates and monitor free5GC release notes for related changes.

Generated by OpenCVE AI on March 23, 2026 at 19:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-5rvc-5cwx-g5x8 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques
History

Mon, 23 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

 cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Mon, 23 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Free5gc udm
CPEs cpe:2.3:a:free5gc:udm:*:*:*:*:*:go:*:*
Vendors & Products Free5gc udm
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Fri, 20 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Free5gc
Free5gc free5gc
Vendors & Products Free5gc
Free5gc free5gc

Fri, 20 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Mar 2026 08:30:00 +0000

Type Values Removed Values Added
Description Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter. Additionally, the UDM incorrectly translates the PATCH method to PUT when forwarding to UDR, indicating a deeper architectural issue. This leaks internal error handling behavior, making it difficult for clients to distinguish between client-side errors and server-side failures. The issue has been patched in version 1.4.2.
Title free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques
Weaknesses CWE-209
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Free5gc Free5gc Udm
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-20T12:21:06.644Z

Reserved: 2026-03-17T22:16:36.721Z

Link: CVE-2026-33192

cve-icon Vulnrichment

Updated: 2026-03-20T12:20:12.615Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-20T09:16:16.230

Modified: 2026-03-23T18:32:46.770

Link: CVE-2026-33192

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:29:56Z

Weaknesses