PT-2026-21593 · Free5Gc · Free5Gc

Zfei10990-Cmd · Published 2026-02-24 · Updated 2026-02-25 · CVE-2026-27643

CVSS v4.0: 6.6 Medium

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
Name of the Vulnerable Software and Affected Versions

free5GC versions prior to 1.4.2

Description

The free5GC UDR component, a user data repository for 5G mobile core networks, exhibits an information disclosure issue. The NEF component reveals internal parsing error details to remote clients, potentially aiding attackers in service fingerprinting. This affects all deployments of free5GC that use the Nnef PfdManagement service. The issue stems from parsing errors, such as invalid characters, being reliably leaked to external entities.

Recommendations

Apply the patch available in free5gc/udr pull request 56.
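The weakness class described above, shown as an added Go example that is not free5GC's code and not the patch from the pull request: one rejection path copies the JSON decoder's error text into the client-visible problem details, and the other keeps it in the server log. The type names, the reduced field set and the sample body are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"
)

// problemDetails is a reduced, illustrative error body (assumed shape).
type problemDetails struct {
	Title  string `json:"title"`
	Status int    `json:"status"`
	Detail string `json:"detail"`
}

// pfdRequest is a hypothetical stand-in for the request body type.
type pfdRequest struct {
	ExternalAppID string `json:"externalAppId"`
}

// leakyReject returns the decoder's own error text to the caller, so a
// remote client learns which parser rejected the body and at what token.
func leakyReject(body []byte) *problemDetails {
	var req pfdRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return &problemDetails{Title: "Malformed request syntax",
			Status: http.StatusBadRequest, Detail: err.Error()}
	}
	return nil
}

// safeReject logs the parser error server-side and answers with a fixed string.
func safeReject(body []byte) *problemDetails {
	var req pfdRequest
	if err := json.Unmarshal(body, &req); err != nil {
		log.Printf("PFD request rejected: %v", err) // internal log only
		return &problemDetails{Title: "Malformed request syntax",
			Status: http.StatusBadRequest, Detail: "request body could not be parsed"}
	}
	return nil
}

func main() {
	bad := []byte(`{"externalAppId": app1}`) // constructed malformed body
	fmt.Println("leaky:", leakyReject(bad).Detail)
	fmt.Println("safe: ", safeReject(bad).Detail)
}
```

A regression test for the fixed behaviour can send a malformed body and assert that the response detail never contains decoder phrases such as "invalid character".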

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

Related Identifiers

CVE-2026-27643
GHSA-6468-F87J-6G82

Affected Products

Free5Gc