CVE-2026-42083

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2

Description The PCF Npcf SMPolicyControl service lacks authentication middleware in the NewServer() function, where the smPolicyGroup route group is created without attaching the RouterAuthorizationCheck middleware. This allows unauthenticated requests to bypass OAuth token validation and reach business logic. This issue can lead to the disclosure of subscriber SUPI (Subscription Permanent Identifier). The affected endpoints are "/npcf-smpolicycontrol/v1/sm-policies", "/npcf-smpolicycontrol/v1/sm-policies/{smPolicyId}", "/npcf-smpolicycontrol/v1/sm-policies/{smPolicyId}/update", and "/npcf-smpolicycontrol/v1/sm-policies/{smPolicyId}/delete".

Recommendations Update to version 4.2.2.