Launch Week Day 1: Announcing Security Design Review
Start for Free
go

github.com/free5gc/udr

View on go registry
9 Total advisories
9 Vulnerabilities
0 Malware

Vulnerabilities

UNKNOWN
Go

CVE-2026-47780

free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence
MEDIUM 4.3
Go

CVE-2026-44323

free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)
MEDIUM 6.5
Go

CVE-2026-44324

free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request)
HIGH 7.5
Go

CVE-2026-40247

free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions
HIGH 7.5
Go

CVE-2026-40248

free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions
MEDIUM 5.8
Go

CVE-2026-40343

free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation
MEDIUM 5.3
Go

CVE-2026-40249

free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors
HIGH 7.5
Go

CVE-2026-40246

free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions
HIGH 7.5
Go

CVE-2026-40245

free5gc UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes