Out-of-Bounds Slice Access in free5GC CHF Service
CVE-2026-32937

7.1HIGH

Key Information:

Vendor

Free5gc

Status
Chf
Vendor
CVE Published:
20 March 2026

What is CVE-2026-32937?

The free5GC CHF service prior to version 1.2.2 is vulnerable to an out-of-bounds slice access issue that can be exploited via a valid authenticated request to the recharge endpoint. This vulnerability may lead to server-side panics, which could disrupt the recharge functionality, flood logs, and severely impact service continuity. Implementing access restrictions, rate limiting, and ensuring proper panic recovery measures can mitigate the risks associated with this vulnerability.

Affected Version(s)

chf < 1.2.2

References

https://github.com/free5gc/free5gc/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/free5gc/free5gc/issues/864
x_refsource_MISC
https://github.com/free5gc/chf/pull/61
x_refsource_MISC

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.