Security Flaw in Free5GC's AMF Component
CVE-2026-42082

3.7LOW

Key Information:

Vendor: Free5gc
Status: Free5gc
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-42082?

The AMF (Access and Mobility Function) in Free5GC lacks enforcement of concurrent security procedure rules established in 3GPP TS 33.501 §6.9.5.1, which can lead to inconsistencies between the NAS (Non-Access Stratum) and AS (Access Stratum) security contexts during critical operations. Specifically, the AMF does not verify the status of ongoing N2 handover procedures prior to launching a NAS Security Mode Command, potentially compromising security integrity within the network and affecting user equipment (UE). This issue is rectified in version 4.2.2.

Affected Version(s)

free5gc < 4.2.2

References

https://github.com/free5gc/free5gc/security/advisories/GH...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 23, 2026

CVE-2026-42082 Data

JSON

Free5gc

What is CVE-2026-42082?

Affected Version(s)

References

CVSS V3.1

Timeline