CVE-2026-42459
free5GC: Improper Input Validation and Generation of Error Message Containing Sensitive Information in github.com/free5gc/udm
| CVSS Score | 0.0 |
| EPSS Score | 0.1% |
| EPSS Percentile | 34th |
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm (Subscriber Data Management) service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and return a 500 Internal Server Error response that exposes internal infrastructure details. This vulnerability is fixed in 4.2.2.
| CWE | CWE-20 CWE-209 |
| Vendor | free5gc |
| Product | free5gc |
| Published | May 27, 2026 |
| Last Updated | May 28, 2026 |
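The missing check described above, sketched in Go as an added example; it is not free5GC code and not the 4.2.2 patch. It assumes only IMSI-form SUPIs are accepted, and `ValidateSupi`, `GuardSupi`, the `udr` callback and the error body are hypothetical names and constructed values.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"regexp"
	"unicode"
)

// Assumption: only IMSI-form SUPIs ("imsi-" + 5 to 15 digits) are accepted.
var imsiSupi = regexp.MustCompile(`^imsi-[0-9]{5,15}$`)

// Constructed fixed error body: no echo of the input, no upstream error text.
const badSupiBody = `{"status":400,"title":"Bad Request","detail":"invalid supi"}`

// ValidateSupi rejects control characters first, then enforces the format.
func ValidateSupi(supi string) error {
	for _, r := range supi {
		if unicode.IsControl(r) {
			return fmt.Errorf("control character U+%04X in supi", r)
		}
	}
	if !imsiSupi.MatchString(supi) {
		return errors.New("supi is not imsi-<5..15 digits>")
	}
	return nil
}

// GuardSupi decodes the path segment and calls next (the hypothetical
// UDR lookup) only for a valid SUPI; the reason is logged, never returned.
func GuardSupi(segment string, next func(string) (int, string)) (int, string) {
	supi, err := url.PathUnescape(segment)
	if err == nil {
		err = ValidateSupi(supi)
	}
	if err != nil {
		fmt.Printf("rejected supi %q: %v\n", segment, err)
		return http.StatusBadRequest, badSupiBody
	}
	return next(supi)
}

func main() {
	udr := func(supi string) (int, string) { return http.StatusOK, `{"supi":"` + supi + `"}` }
	for _, s := range []string{"imsi-208930000000001", "imsi-2089300%0d%0a", "imsi-1%00"} {
		code, body := GuardSupi(s, udr)
		fmt.Println(code, body)
	}
}
```

Rejecting the request before any downstream call addresses the CWE-20 side; returning the same fixed 400 body for every rejection addresses the CWE-209 side.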
Affected Versions
free5gc / free5gc
< 4.2.2