PT-2026-39257 · free5GC

Linziyuu · Published 2026-05-08 · Updated 2026-05-27 · CVE-2026-44327

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions: free5GC versions prior to 4.2.2
Description: The Network Exposure Function (NEF) mounts the 'nnef-oam' route group without requiring inbound OAuth2 or bearer-token authorization. A network attacker who can reach the NEF on the Service Based Interface (SBI) can request the OAM route with no Authorization header and receives a 200 OK response. The current OAM handler is only a stub that returns null, but the defect is scoped to the entire route group: any Operations, Administration, and Maintenance (OAM) operation added to this group inherits no authentication boundary, so the route group can be probed anonymously today and any future administrative function placed in it could be executed without authorization.
Recommendations: Update to version 4.2.2.
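The defect class is easiest to see side by side: the same OAM stub mounted once with no authorization wrapper on its route group (the vulnerable pattern) and once behind a group-level bearer-token check (the fixed pattern), with an anonymous probe against each. The following is an added illustration written for this page with only the Go standard library; it is not free5GC's own code, does not reproduce its router or middleware, and uses a hypothetical RouteGroup type, a hypothetical requireBearer wrapper and a constructed token value in place of NRF-issued OAuth2 access-token validation.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// RouteGroup (hypothetical) mounts handlers under one path prefix and runs every
// one of them through the same wrapper. Attaching authorization at the group,
// not per handler, is what gives routes added later a boundary by default.
type RouteGroup struct {
	mux    *http.ServeMux
	prefix string
	wrap   func(http.Handler) http.Handler // nil means "no boundary"
}

// Handle registers h under prefix+suffix, applying the group wrapper if any.
func (g *RouteGroup) Handle(suffix string, h http.Handler) {
	if g.wrap != nil {
		h = g.wrap(h)
	}
	g.mux.Handle(g.prefix+suffix, h)
}

// oamStub mirrors the behaviour the advisory describes: it answers 200 OK
// with a body of "null" regardless of who is asking.
func oamStub(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(http.StatusOK)
	fmt.Fprint(w, "null")
}

// requireBearer (hypothetical) is an inbound-authorization wrapper. A real NF
// would validate the OAuth2 access token issued by the NRF (signature, issuer,
// scope, expiry); here one constructed token is accepted so the boundary can
// be exercised offline. Absent or wrong tokens fail closed with 401.
func requireBearer(validToken string) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			const scheme = "Bearer "
			auth := r.Header.Get("Authorization")
			if !strings.HasPrefix(auth, scheme) ||
				subtle.ConstantTimeCompare([]byte(strings.TrimPrefix(auth, scheme)), []byte(validToken)) != 1 {
				w.Header().Set("WWW-Authenticate", `Bearer realm="nnef-oam"`)
				http.Error(w, "missing or invalid access token", http.StatusUnauthorized)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

// NewVulnerableMux mounts the OAM group with no wrapper: the defect pattern.
func NewVulnerableMux() http.Handler {
	mux := http.NewServeMux()
	g := &RouteGroup{mux: mux, prefix: "/nnef-oam/v1"}
	g.Handle("/", http.HandlerFunc(oamStub))
	return mux
}

// NewFixedMux mounts the same group behind requireBearer, so the stub and any
// handler registered on the group later both demand a token.
func NewFixedMux(validToken string) http.Handler {
	mux := http.NewServeMux()
	g := &RouteGroup{mux: mux, prefix: "/nnef-oam/v1", wrap: requireBearer(validToken)}
	g.Handle("/", http.HandlerFunc(oamStub))
	return mux
}

// Probe issues a GET for path, optionally with an Authorization header, and
// returns the status code: this is the anonymous-probe check from the advisory.
func Probe(h http.Handler, path, authorization string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	if authorization != "" {
		req.Header.Set("Authorization", authorization)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	const token = "constructed-example-token" // constructed value, not a real credential
	fmt.Println("vulnerable, no header:", Probe(NewVulnerableMux(), "/nnef-oam/v1/", ""))
	fmt.Println("fixed, no header:     ", Probe(NewFixedMux(token), "/nnef-oam/v1/", ""))
	fmt.Println("fixed, bad token:     ", Probe(NewFixedMux(token), "/nnef-oam/v1/", "Bearer wrong"))
	fmt.Println("fixed, good token:    ", Probe(NewFixedMux(token), "/nnef-oam/v1/", "Bearer "+token))
	fmt.Println("fixed, future route:  ", Probe(NewFixedMux(token), "/nnef-oam/v1/future-op", ""))
}
```

The last probe is the point the advisory makes about scope: because the wrapper is attached to the group rather than to the one existing handler, a path that does not exist yet under /nnef-oam/v1/ is already refused without a token, whereas on the vulnerable group it would be served by whatever handler is registered there later. When checking a real deployment, the equivalent test is a request to the OAM route on the SBI with no Authorization header; anything other than a 401 or 403 means the boundary is missing.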

Weakness Enumeration

Missing Authorization
Missing Authentication

Related Identifiers

CVE-2026-44327
GHSA-cmpj-2x3g-m7g3

Affected Products

free5GC
github.com/free5gc/nef