Improper Null Check Vulnerability in free5GC AUSF Remote Authentication Service
CVE-2026-33063

8.7 HIGH

Key Information:

Vendor: Free5gc

Status
Vendor
CVE Published: 20 March 2026

What is CVE-2026-33063?

The free5GC AUSF (Authentication Server Function) is exposed to Denial of Service (DoS) attacks because of an improper null check. A remote attacker can exploit the issue by sending a specially crafted UE authentication request to the AUSF authentication service endpoint (/nausf-auth/v1/ue-authentications). The request triggers a nil interface conversion in the GetSupiFromSuciSupiMap function, which causes a panic and crashes the AUSF service. The result is complete unavailability of the AUSF authentication service. Users are advised to upgrade to free5GC AUSF version 1.4.2, which contains the patches that remediate this vulnerability. Restricting access to the AUSF API to trusted sources is also recommended to reduce exposure.
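The defect class described above, as an added Go example that is not free5GC's own code: a map lookup whose result is type-asserted without a nil check, next to a checked form. The names suciSupiMap, lookupUnchecked, lookupChecked and ErrUnknownSuci, the use of sync.Map, and the sample keys are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// suciSupiMap is a hypothetical SUCI -> SUPI table (an assumption, not
// the project's actual data structure).
var suciSupiMap sync.Map

// ErrUnknownSuci lets the caller answer with a client error, not a crash.
var ErrUnknownSuci = errors.New("no SUPI recorded for this SUCI")

// lookupUnchecked shows the bug class: Load returns a nil interface for a
// missing key, and the single-value type assertion panics on nil.
func lookupUnchecked(suci string) string {
	v, _ := suciSupiMap.Load(suci)
	return v.(string) // interface conversion: interface {} is nil, not string
}

// lookupChecked tests the presence flag and the dynamic type before use.
func lookupChecked(suci string) (string, error) {
	v, ok := suciSupiMap.Load(suci)
	if !ok {
		return "", ErrUnknownSuci
	}
	supi, ok := v.(string)
	if !ok {
		return "", fmt.Errorf("unexpected value type %T in SUCI map", v)
	}
	return supi, nil
}

// panics reports whether f panicked, so the demo can show the failure safely.
func panics(f func()) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	f()
	return false
}

func main() {
	// Constructed sample values, not real subscriber identifiers.
	suciSupiMap.Store("suci-constructed-1", "imsi-constructed-1")
	fmt.Println("unchecked lookup panics on unknown key:",
		panics(func() { lookupUnchecked("suci-not-present") }))
	_, err := lookupChecked("suci-not-present")
	fmt.Println("checked lookup returns:", err)
}
```

In a network function, an unrecovered panic of this kind can take down the whole process, which matches the availability-only impact in the CVSS vector.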

Affected Version(s)

ausf < 1.4.2

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved