User Data Repository Vulnerability in free5GC by free5GC
CVE-2026-27643

6.6MEDIUM

Key Information:

Vendor

Free5gc

Status
Udr
Vendor
CVE Published:
24 February 2026

What is CVE-2026-27643?

The free5GC User Data Repository (UDR) has a vulnerability that allows the Network Exposure Function (NEF) to leak internal parsing errors to remote clients. This information disclosure can be exploited by attackers to conduct service fingerprinting, potentially aiding further attacks. All deployments utilizing the Nnef_PfdManagement service are at risk. It is crucial for users to apply the patch available in pull request #56 on the free5GC GitHub repository to mitigate this risk.

Affected Version(s)

udr <= 1.4.1

References

https://github.com/free5gc/free5gc/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/free5gc/free5gc/issues/753
x_refsource_MISC
https://github.com/free5gc/udr/pull/56
x_refsource_MISC

CVSS V4

Score:
6.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.