anonhaven
Ad

CVE-2026-33064

HIGH CVSS 4.0: 8.7 EPSS 0.20%
Updated Mar 20, 2026
Linux
Parameter Value
CVSS 8.7 (HIGH)
Affected Versions before 1.4.2
Fixed In 1.4.2
Type CWE-478
Vendor Linux
Public PoC No

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending a crafted POST request to the /sdm-subscriptions endpoint with a malformed URL path containing path traversal sequences (../) and a large JSON payload.

The DataChangeNotificationProcedure function in notifier.go attempts to access a nil pointer without proper validation, causing a complete service crash with "runtime error: invalid memory address or nil pointer dereference". Exploitation would result in UDM functionality disruption until recovery by restart. This issue has been fixed in version 1.4.2.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-478

References 4

https://github.com/free5gc/free5gc/issues/781
security-advisories@github.com
https://github.com/free5gc/free5gc/security/advisories/GHSA-7g27-v5wj-jr75
security-advisories@github.com
https://github.com/free5gc/udm/commit/65d7070f4bfd016864cbbaefbd506bbc85d2fa92
security-advisories@github.com
https://github.com/free5gc/udm/pull/78
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33194

Linux

6.8

CVE-2026-33179

Linux

5.5

CVE-2026-33150

Linux

7.8

CVE-2026-33192

Linux

8.7

CVE-2026-23278

Linux

None