Launch Week Day 1: Announcing Security Design Review
Start for Free
go

github.com/free5gc/nef

View on go registry
7 Total advisories
7 Vulnerabilities
0 Malware

Vulnerabilities

HIGH 7.3
Go

CVE-2026-44320

free5GC's NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path
CRITICAL 10.0
Go

CVE-2026-44330

free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions
HIGH 7.5
Go

CVE-2026-44319

free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
CRITICAL 9.4
Go

CVE-2026-44315

free5GC's NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions
CRITICAL 9.4
Go

CVE-2026-44326

free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions
HIGH 7.5
Go

CVE-2026-44322

free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference
CRITICAL 10.0
Go

CVE-2026-44327

free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes