OAuth2/Bearer-Token Authorization Flaw in free5GC's SMF Component
CVE-2026-44329

10 CRITICAL

Key Information:

Vendor: Free5gc

Status
Vendor
CVE Published: 27 May 2026

What is CVE-2026-44329?

An authorization flaw exists in free5GC's SMF component, where the UPI management route group is mounted without the necessary OAuth2/bearer-token authorization middleware. This vulnerability allows network attackers to access UPI endpoints on the SBI without any Authorization header. In practical demonstrations, this was shown to enable read, write, and delete operations on UPI endpoints. The issue was resolved in free5GC version 4.2.2.
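A regression check for the flaw class described above, as an added example that is not free5GC code: it requests every registered route with no Authorization header and reports any that do not answer 401. The route paths and the names `newRouter`, `requireBearer` and `unauthenticatedRoutes` are hypothetical, token validation is stubbed, and Go's standard `net/http` stands in for the project's router.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type route struct{ method, path string } // one handler on the SBI
// requireBearer rejects requests with no bearer token; validation is stubbed as "non-empty".
func requireBearer(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if a := r.Header.Get("Authorization"); !strings.HasPrefix(a, "Bearer ") || a == "Bearer " {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newRouter mounts two hypothetical route groups; protectMgmt=false leaves /mgmt without middleware.
func newRouter(protectMgmt bool) (http.Handler, []route) {
	routes := []route{{"POST", "/sess/v1/ctx"}, {"GET", "/mgmt/v1/items"}, {"DELETE", "/mgmt/v1/items/1"}}
	mux := http.NewServeMux()
	for _, rt := range routes {
		var h http.Handler = http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})
		if protectMgmt || !strings.HasPrefix(rt.path, "/mgmt/") {
			h = requireBearer(h)
		}
		mux.Handle(rt.path, h)
	}
	return mux, routes
}

// unauthenticatedRoutes requests each route with no Authorization header; returns those not answering 401.
func unauthenticatedRoutes(h http.Handler, routes []route) (open []string) {
	for _, rt := range routes {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(rt.method, rt.path, nil))
		if rec.Code != http.StatusUnauthorized {
			open = append(open, rt.method+" "+rt.path)
		}
	}
	return open
}

func main() {
	fmt.Println(unauthenticatedRoutes(newRouter(false)))
}
```

Run against a service's real route table in CI, a check of this shape fails the build whenever a new route group is mounted without the authorization middleware.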

Affected Version(s)

free5gc < 4.2.2

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved