CVE-2026-41135
Memory Leak in free5GC PCF Causes Denial of Service
Publication date: 2026-04-22
Last updated on: 2026-04-23
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| free5gc | free5gc | to 4.2.1 (inc) |
| free5gc | pcf | to 1.4.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in free5GC UDR, the Policy Control Function for free5GC, an open-source 5G mobile core network project. It is a memory leak in versions prior to 1.4.3 that allows any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth. This happens because a new CORS middleware is registered on every incoming HTTP request due to a router.Use() call inside an HTTP handler, which causes the Gin router's handler chain to grow indefinitely.
As a result, memory usage progressively increases, eventually exhausting available memory and causing a Denial of Service (DoS) on the PCF. This prevents all User Equipments (UEs) from obtaining Access and Mobility (AM) and Session Management (SM) policies, blocking 5G session establishment.
The issue is fixed in version 1.4.3.
How can this vulnerability impact me? :
This vulnerability can lead to a Denial of Service (DoS) condition on the Policy Control Function (PCF) of the free5GC 5G core network.
- Attackers can cause uncontrolled memory growth by sending repeated HTTP requests, eventually exhausting system memory.
- The DoS prevents User Equipments (UEs) from obtaining necessary Access and Mobility (AM) and Session Management (SM) policies.
- This blocks the establishment of 5G sessions, potentially disrupting mobile network services for users.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade free5GC UDR to version 1.4.3 or later, which contains the patch addressing the memory leak issue.
Until the upgrade can be applied, consider restricting network access to the PCF SBI interface to trusted sources only, to prevent unauthenticated attackers from sending repeated HTTP requests to the OAM endpoint.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability causes a denial of service in the Policy Control Function (PCF) of free5GC, which prevents user equipment from obtaining access and session management policies and blocks 5G session establishment.
While the CVE description does not explicitly mention compliance with standards such as GDPR or HIPAA, the denial of service could impact the availability aspect of these regulations, which require systems to be reliably available and resilient.
However, since the vulnerability does not indicate any data breach, confidentiality, or integrity compromise, its direct effect on compliance with data protection regulations is limited to potential service disruption.