Type Confusion Vulnerability in free5GC's 5G Core Network Implementation
CVE-2026-44325

7.5 HIGH

Key Information:

Vendor: Free5gc

Status
Vendor
CVE Published: 27 May 2026

What is CVE-2026-44325?

The NRF root SBI endpoint POST /oauth2/token in free5GC has a parser-level type confusion issue. The handler interprets several fields improperly, so an attacker can send a specially crafted unauthenticated request whose data types are incompatible with what the handler expects, which puts the server into a panic state. As a result, the endpoint is susceptible to repeated HTTP 500 errors, exposing the system to potential exploitation. The issue has been addressed in version 4.2.2.
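
The failure class described above, as an added Go example that is not free5GC's code: an unchecked type assertion on decoded request data panics and surfaces as HTTP 500, while a checked assertion rejects the request with 400. The JSON body, the `scope` field choice, and the names `parseUnchecked`, `parseChecked` and `statusFor` are assumptions for illustration; the page does not say which fields or encoding the real handler uses.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
)

// parseUnchecked (hypothetical) shows the defect: a bare type assertion on
// request-controlled data panics when the dynamic type is not a string.
func parseUnchecked(body []byte) (string, error) {
	var fields map[string]interface{}
	if err := json.Unmarshal(body, &fields); err != nil {
		return "", err
	}
	return fields["scope"].(string), nil // panics on a number, object, or missing key
}

// parseChecked (hypothetical) uses the comma-ok form and returns an error,
// so a wrong type becomes a client error instead of a server panic.
func parseChecked(body []byte) (string, error) {
	var fields map[string]interface{}
	if err := json.Unmarshal(body, &fields); err != nil {
		return "", fmt.Errorf("malformed body: %w", err)
	}
	scope, ok := fields["scope"].(string)
	if !ok {
		return "", fmt.Errorf("scope: expected string, got %T", fields["scope"])
	}
	return scope, nil
}

// statusFor returns the HTTP status a server with a recover middleware
// would send: a recovered panic becomes 500, a parse error becomes 400.
func statusFor(parse func([]byte) (string, error), body []byte) (status int) {
	defer func() {
		if r := recover(); r != nil {
			status = http.StatusInternalServerError
		}
	}()
	if _, err := parse(body); err != nil {
		return http.StatusBadRequest
	}
	return http.StatusOK
}

func main() {
	bad := []byte(`{"grant_type":"client_credentials","scope":123}`) // constructed sample
	fmt.Println(statusFor(parseUnchecked, bad), statusFor(parseChecked, bad))
}
```

In logs, the unchecked path shows up as recovered panics with an interface conversion message paired with 500 responses on the token endpoint, which is a useful signal to alert on for deployments that are not yet on 4.2.2.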

Affected Version(s)

free5gc < 4.2.2

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
