CVE-2026-41135
Received Received - Intake
Memory Leak in free5GC PCF Causes Denial of Service

Publication date: 2026-04-22

Last updated on: 2026-04-23

Assigner: GitHub, Inc.

Description
free5GC UDR is the Policy Control Function (PCF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerability in versions prior to 1.4.3 allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The root cause is a `router.Use()` call inside an HTTP handler that registers a new CORS middleware on every incoming request, permanently growing the Gin router's handler chain. This leads to progressive memory exhaustion and eventual Denial of Service of the PCF, preventing all UEs from obtaining AM and SM policies and blocking 5G session establishment. Version 1.4.3 contains a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-14
NVD
CVE-2026-41135
EUVD
EUVD-2026-24575
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
free5gc free5gc to 4.2.1 (inc)
free5gc pcf to 1.4.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in free5GC UDR, the Policy Control Function for free5GC, an open-source 5G mobile core network project. It is a memory leak in versions prior to 1.4.3 that allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth. This happens because a new CORS middleware is registered on every incoming HTTP request due to a router.Use() call inside an HTTP handler, which causes the Gin router's handler chain to grow indefinitely.

As a result, memory usage progressively increases, eventually exhausting available memory and causing a Denial of Service (DoS) on the PCF. This prevents all User Equipments (UEs) from obtaining Access and Mobility (AM) and Session Management (SM) policies, blocking 5G session establishment.

The issue is fixed in version 1.4.3.

Impact Analysis

This vulnerability can lead to a Denial of Service (DoS) condition on the Policy Control Function (PCF) of the free5GC 5G core network.

  • Attackers can cause uncontrolled memory growth by sending repeated HTTP requests, eventually exhausting system memory.
  • The DoS prevents User Equipments (UEs) from obtaining necessary Access and Mobility (AM) and Session Management (SM) policies.
  • This blocks the establishment of 5G sessions, potentially disrupting mobile network services for users.
Mitigation Strategies

To mitigate this vulnerability, you should upgrade free5GC UDR to version 1.4.3 or later, which contains the patch addressing the memory leak issue.

Until the upgrade can be applied, consider restricting network access to the PCF SBI interface to trusted sources only, to prevent unauthenticated attackers from sending repeated HTTP requests to the OAM endpoint.

Compliance Impact

The vulnerability causes a denial of service in the Policy Control Function (PCF) of free5GC, which prevents user equipment from obtaining access and session management policies and blocks 5G session establishment.

While the CVE description does not explicitly mention compliance with standards such as GDPR or HIPAA, the denial of service could impact the availability aspect of these regulations, which require systems to be reliably available and resilient.

However, since the vulnerability does not indicate any data breach, confidentiality, or integrity compromise, its direct effect on compliance with data protection regulations is limited to potential service disruption.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41135. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart