github.com/free5gc/pcf
Go5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/free5gc/pcfpage 1 of 1
- CVE-2025-60632MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.4.02025-11-24
An issue was discovered in Free5GC v4.0.0 and v4.0.1 allowing an attacker to cause a denial of service via crafted POST request to the Npcf_BDTPolicyControl API.
- CVE-2026-41135HIGHCVSS 7.5EG 7.5✓ Fixed in 1.4.32026-04-22
free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network a…
- CVE-2026-42083HIGHCVSS 8.2EG 8.2✓ Fixed in 1.4.32026-05-27
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. In NewServer…
- CVE-2026-44316HIGHCVSS 7.5EG 7.5✓ Fixed in 1.4.22026-05-27
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler (HandleCreateSmPolicyRequest) panics with a nil-pointer dereference when a downstream OpenAPI …
- CVE-2026-44317MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.4.32026-05-27
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" (enabling traff…
Check whether github.com/free5gc/pcf is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/free5gc/pcf CVEs against the assets you own.
Start Free Scan →