CVE-2026-33063

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 1.4.2 free5GC version 4.0.1

Description free5GC is an open source 5G core network. A flaw exists in the AUSF component where an improper null check can lead to a denial of service. Specifically, the GetSupiFromSuciSupiMap function attempts to convert an interface from interface{} to *context.SuciSupiMap without verifying if the underlying value is nil. If SuciSupiMap is nil, the code will panic, resulting in a complete denial of service for the AUSF authentication service. This issue affects deployments using the AUSF UE authentication service, accessible via the /nausf-auth/v1/ue-authentications API endpoint. An attacker can trigger this by sending a crafted UE authentication request.

Recommendations Upgrade free5GC to version 1.4.2 or later. Restrict access to the AUSF API endpoint /nausf-auth/v1/ue-authentications to trusted sources only.