github.com/free5gc/udr
Go9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/free5gc/udrpage 1 of 1
- CVE-2026-40245HIGHCVSS 7.5EG 7.52026-04-16
Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repository) service. The handler for GET /nu…
- CVE-2026-40246HIGHCVSS 7.5EG 7.52026-04-16
free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, bu…
- CVE-2026-40247HIGHCVSS 7.5EG 7.52026-04-16
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but…
- CVE-2026-40248HIGHCVSS 7.5EG 7.52026-04-16
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-t…
- CVE-2026-40249MEDIUMCVSS 5.3EG 5.32026-04-16
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/{subsId} does no…
- CVE-2026-40343MEDIUMCVSS 5.8EG 5.82026-04-22
free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the `/nud…
- CVE-2026-44323MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.4.32026-05-27
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler contains a nil-pointer dereference …
- CVE-2026-44324MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.4.32026-05-27
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler panics on a single authenticated re…
- CVE-2026-47780MEDIUMCVSS 0.0EG 0.02026-06-11
free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence ### Summary The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because…
Check whether github.com/free5gc/udr is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/free5gc/udr CVEs against the assets you own.
Start Free Scan →