pkg:Go/github.com/free5gc/udr
9 total CVEsHIGH4MEDIUM4
✅ Check your installed version
All known vulnerabilities
HIGH7.5CVE-2026-40248free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions from 0, <= 1.4.2
HIGH7.5CVE-2026-40247free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions from 0, <= 1.4.2
HIGH7.5CVE-2026-40246free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions from 0, <= 1.4.2
HIGH7.5free5gc UDR nudr-dr influenceData/subs-to-notify leaks SUPI in error response body without authentication
from 0, <= 1.4.2
MEDIUM6.5free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via nil interface type assertion (single authenticated request)
from 0, < 1.4.3
MEDIUM5.8free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation
from 0, <= 1.4.2
MEDIUM5.3free5gc UDR fail-open request handling in PolicyDataSubsToNotifySubsIdPut may allow unintended subscription updates after input errors
from 0, <= 1.4.2
MEDIUM4.3free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)
from 0, < 1.4.3
—free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence
from 0, <= 1.4.3