Vulnerability in free5GC's UDR Service Allows Unintended Policy Data Modifications
CVE-2026-40249

6.9 MEDIUM

Key Information:

Vendor: Free5gc
Status: Vendor
CVE Published: 16 April 2026

What is CVE-2026-40249?

The free5GC UDR service’s PUT handler for Policy Data notification subscriptions exhibits a fail-open vulnerability. In versions 4.2.1 and earlier, if errors occur during request body retrieval or deserialization, the system fails to halt execution despite returning HTTP 500 or 400 error responses. This behavior may lead to unintended modifications of Policy Data notification subscriptions when invalid or empty inputs are processed, potentially impacting core network functionality. Users should be aware of this risk and monitor their configurations until an official patch is released.
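The fail-open pattern described above, as a constructed Go illustration added here (not free5GC's own code): the first handler chooses an error status on a bad body but still falls through to the write, so an empty or malformed PUT replaces the stored subscription with a zero value; the second returns on every error path before touching state. The type names, in-memory store and sample bodies are assumptions for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Constructed stand-ins for the subscription resource and the UDR store (not free5GC's types).
type PolicyDataSubscription struct {
	NotificationURI string `json:"notificationUri"`
}
type SubscriptionStore map[string]PolicyDataSubscription

// putFailOpen mirrors the fail-open shape: an error status is chosen on a bad body,
// but execution continues to the write, so the stored subscription is replaced anyway.
func putFailOpen(st SubscriptionStore, subID string, body io.Reader) int {
	status := 204
	var sub PolicyDataSubscription
	raw, err := io.ReadAll(body)
	if err != nil {
		status = 500 // should return here; the first status sent wins
	}
	if err := json.Unmarshal(raw, &sub); err != nil && status == 204 {
		status = 400 // should return here as well
	}
	st[subID] = sub // reached on every path, including the error ones
	return status
}

// putFailClosed is the hardened form: each error path returns before any
// state is touched, so the store changes only on a well-formed body.
func putFailClosed(st SubscriptionStore, subID string, body io.Reader) int {
	raw, err := io.ReadAll(body)
	if err != nil {
		return 500
	}
	var sub PolicyDataSubscription
	if err := json.Unmarshal(raw, &sub); err != nil || sub.NotificationURI == "" {
		return 400 // malformed JSON or a semantically empty subscription
	}
	st[subID] = sub
	return 204
}

func main() {
	st := SubscriptionStore{}
	fmt.Println(putFailOpen(st, "sub-1", strings.NewReader("")), st)   // 400 map[sub-1:{}]
	fmt.Println(putFailClosed(st, "sub-2", strings.NewReader("")), st) // 400 map[sub-1:{}]
}
```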

Affected Version(s)

free5gc <= 4.2.1

References

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
