Description
A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 26205eb01705754b7b902ad6c4b613c96c881e29. It is best practice to apply a patch to resolve this issue.
Published: 2026-04-02
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a type confusion flaw in the aper component of Free5GC 4.2.0. Attackers can manipulate inputs to trigger incorrect type handling, potentially leading to memory corruption or arbitrary code execution. The flaw is considered remote, with high complexity and difficult exploitability. The public disclosure indicates that the issue is known and the patch is available.

Affected Systems

The affected vendor is Free5GC; the product is Free5GC, and the vulnerable version is 4.2.0. No other versions are listed as affected.

Risk and Exploitability

The CVSS score of 6.3 places the vulnerability in the medium severity range. Exploitability is described as difficult, and the EPSS score is not available, so the precise likelihood of exploitation is unknown. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed exploitation in the wild at the time of reporting. Nonetheless, the possibility of remote exploitation warrants timely remediation.

Generated by OpenCVE AI on April 2, 2026 at 22:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch corresponding to commit 26205eb01705754b7b902ad6c4b613c96c881e29 to address the type confusion in the aper component of Free5GC.
  • Upgrade to a Free5GC version that includes the patch if newer releases are available.
  • Verify that your deployment is no longer using the vulnerable 4.2.0 release, and if applicable, restart affected services.
  • Monitor security advisories for the Free5GC community for any updates or additional mitigations.


Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description: A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 26205eb01705754b7b902ad6c4b613c96c881e29. It is best practice to apply a patch to resolve this issue.
Title: Free5GC aper type confusion
First Time appeared: Free5gc; Free5gc free5gc
Weaknesses: CWE-843
CPEs: cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*
Vendors & Products: Free5gc; Free5gc free5gc
References:
Metrics:
  cvssV2_0: {'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}
  cvssV3_0: {'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}
  cvssV3_1: {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}
  cvssV4_0: {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-02T17:00:19.072Z

Reserved: 2026-04-01T17:16:17.906Z

Link: CVE-2026-5360

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-02T17:16:32.733

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-5360

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T09:18:19Z

Weaknesses