CRITICAL10.0CVE-2026-44330free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens can read PFD data and create/delete PFD subscriptions
from 0, <= 1.2.3
CRITICAL10.0CVE-2026-44327free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler
from 0, <= 1.2.3
CRITICAL9.4CVE-2026-44326free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged bearer tokens can create, read, patch, and delete subscriptions
from 0, <= 1.2.3
CRITICAL9.4free5GC's NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens can create, read, and delete PFD transactions
from 0, <= 1.2.3
HIGH7.5free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR access failure due to nil ProblemDetails dereference
from 0, < 1.2.3
HIGH7.5free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
from 0, < 1.2.3
HIGH7.3free5GC's NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path