CVE Alert

CVE-2026-40249

UNKNOWN 0.0

free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/{subsId} does not return after request body retrieval or deserialization errors. Although HTTP 500 or 400 error responses are sent, execution continues and the processor is invoked with a potentially uninitialized or partially initialized PolicyDataSubscription object. This fail-open behavior may allow unintended modification of existing Policy Data notification subscriptions with invalid or empty input, depending on downstream processor and storage behavior. A patched version was not available at the time of publication.
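
The fail-open pattern described above, next to a fail-closed form, as an added example (not free5GC's own code). The Subscription type, the in-memory store, the handler names and the sample request are assumptions constructed for illustration, using only the Go standard library.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Hypothetical stand-ins for PolicyDataSubscription and the processor/storage layer.
type Subscription struct {
	NotificationURI string `json:"notificationUri"`
}
type store map[string]Subscription

// putFailOpen: the 400 is written, but with no return the zero-value object is stored.
func putFailOpen(s store, w http.ResponseWriter, r *http.Request, id string) {
	var sub Subscription
	if err := json.NewDecoder(r.Body).Decode(&sub); err != nil {
		http.Error(w, "malformed request body", http.StatusBadRequest)
		// missing return: execution falls through
	}
	s[id] = sub
}

// putFailClosed stops at the error response, so the stored record is untouched.
func putFailClosed(s store, w http.ResponseWriter, r *http.Request, id string) {
	var sub Subscription
	if err := json.NewDecoder(r.Body).Decode(&sub); err != nil {
		http.Error(w, "malformed request body", http.StatusBadRequest)
		return
	}
	s[id] = sub
	w.WriteHeader(http.StatusNoContent)
}

// replay sends one constructed malformed PUT to h; returns status and stored URI.
func replay(h func(store, http.ResponseWriter, *http.Request, string)) (int, string) {
	s := store{"sub-1": {NotificationURI: "https://pcf.example/notify"}}
	req := httptest.NewRequest(http.MethodPut, "/subs-to-notify/sub-1", strings.NewReader("{not json"))
	rec := httptest.NewRecorder()
	h(s, rec, req, "sub-1")
	return rec.Code, s["sub-1"].NotificationURI
}

func main() {
	fmt.Println(replay(putFailOpen))   // status and stored URI after the fail-open handler
	fmt.Println(replay(putFailClosed)) // status and stored URI after the fail-closed handler
}
```

Both handlers answer the malformed request with HTTP 400, so the response code alone does not reveal the difference; a regression test has to check the stored subscription after the error response.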

CWE: CWE-754, CWE-636
Vendor: free5gc
Product: free5gc
Published: Apr 16, 2026

Affected Versions

free5gc / free5gc
<= 4.2.1

References

github.com: https://github.com/free5gc/free5gc/security/advisories/GHSA-gx38-8h33-pmxr