CVE-2026-40248 free5GC — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	8.7 (HIGH)
Type	CWE-285 (Improper Authorization), CWE-636
Vendor	free5GC
Public PoC	No

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP 404 response when validation fails. Execution continues and the subscription is created or overwritten regardless.

An unauthenticated attacker with access to the 5G Service Based Interface can create or overwrite arbitrary Traffic Influence Subscriptions, including injecting attacker-controlled notificationUri values and arbitrary SUPIs, by supplying any value for the influenceId path segment. A patched version was not available at the time of publication.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-285 Improper Authorization

CWE-636

References 1

https://github.com/free5gc/free5gc/security/advisories/GHSA-jgq2-qv8v-5cmj

security-advisories@github.com

Menu

CVE-2026-40248

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Menu

CVE-2026-40248

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Stay informed on cybersecurity