PT-2026-26209 · Free5Gc · Free5Gc

Zfei10990-Cmd · Published 2026-03-18 · Updated 2026-03-27 · CVE-2026-33192

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Free5GC versions prior to 1.4.2

Description

Free5GC’s UDM component exhibits improper error handling and HTTP method translation issues. Specifically, when handling PATCH requests to the /sdm-subscriptions endpoint with an empty supi path parameter, the UDM incorrectly converts a 400 Bad Request (received from UDR) into a 500 Internal Server Error. Additionally, the UDM incorrectly translates the PATCH method to PUT when forwarding the request to UDR. This behavior leaks internal error handling details, making it difficult for clients to differentiate between client-side and server-side errors. The issue affects deployments using the UDM Nudm SDM service and impacts the handling of PATCH operations. The supi parameter in the API endpoint is vulnerable.

Recommendations

Upgrade to Free5GC version 1.4.2 or later to address the issue. As a temporary workaround, implement API gateway-level validation to reject PATCH requests with empty path parameters before they reach the UDM.
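
The gateway-level workaround described above, as an added example (not code from Free5GC or from this advisory): Go net/http middleware that answers PATCH requests carrying an empty path segment with 400 before they are forwarded. The /nudm-sdm/v2 route prefix, the sample IDs and the stub upstream standing in for the UDM are assumptions for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// hasEmptySegment reports whether any path segment is empty, whitespace-only
// or undecodable, e.g. the missing supi in "/nudm-sdm/v2//sdm-subscriptions/s1".
func hasEmptySegment(escapedPath string) bool {
	for _, seg := range strings.Split(strings.TrimPrefix(escapedPath, "/"), "/") {
		if dec, err := url.PathUnescape(seg); err != nil || strings.TrimSpace(dec) == "" {
			return true
		}
	}
	return false
}

// rejectEmptyPathParams answers such PATCH requests with 400 at the gateway,
// so they are never forwarded to the upstream handler.
func rejectEmptyPathParams(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodPatch && hasEmptySegment(r.URL.EscapedPath()) {
			w.Header().Set("Content-Type", "application/problem+json")
			w.WriteHeader(http.StatusBadRequest)
			fmt.Fprint(w, `{"status":400,"title":"Bad Request","detail":"empty path parameter"}`)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor runs a constructed request through the filter in front of a stub upstream.
func statusFor(method, path string) int {
	upstream := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusNoContent)
	})
	rec := httptest.NewRecorder()
	rejectEmptyPathParams(upstream).ServeHTTP(rec, httptest.NewRequest(method, path, nil))
	return rec.Code
}

func main() {
	// Constructed sample paths; the route prefix and IDs are assumptions.
	fmt.Println(statusFor("PATCH", "/nudm-sdm/v2//sdm-subscriptions/s1"))
	fmt.Println(statusFor("PATCH", "/nudm-sdm/v2/imsi-001010000000001/sdm-subscriptions/s1"))
}
```

The check runs on the escaped path as received, so a router that collapses duplicate slashes must not sit in front of it; a trailing slash on a PATCH path is also treated as an empty parameter.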

Exploit

Fix

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

Related Identifiers

CVE-2026-33192
GHSA-5RVC-5CWX-G5X8
GO-2026-4755
SUSE-SU-2026:1135-1

Affected Products

Free5Gc