CVE-2026-5360
Received Received - Intake
Type Confusion Vulnerability in Free5GC 4.2.0 aper Component

Publication date: 2026-04-02

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 26205eb01705754b7b902ad6c4b613c96c881e29. It is best practice to apply a patch to resolve this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2026-04-02
EPSS Evaluated
2026-05-05
NVD
CVE-2026-5360
EUVD
EUVD-2026-18414
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
free5gc free5gc 4.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-843 The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in Free5GC 4.2.0 arises because the system improperly accepts non-PrintableString values in fields where the specification requires PrintableString encoding. Specifically, in NGAP messages like NGSetupRequest, fields such as RANNodeName are supposed to contain only PrintableString characters, but Free5GC accepts arbitrary byte sequences instead.

This deviation from the ASN.1 specification can lead to type confusion, causing crashes or bugs when the malformed data is processed later. The vulnerability is due to a lack of strict ASN.1 type validation in Free5GC's NGAP message processing, which can be exploited remotely but with high complexity and difficult exploitability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability in Free5GC 4.2.0 involves improper acceptance of non-PrintableString values where the specification mandates PrintableString encoding, leading to potential crashes or bugs. This deviation from the ASN.1 X.680 standard indicates a lack of strict type validation in message processing.

While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the acceptance of malformed or invalid data could pose risks to system stability and security, which indirectly may affect compliance with regulations that require data integrity and secure processing.

The patch enforces strict validation of PrintableString values according to the X.680 ASN.1 specification, improving adherence to protocol standards and reducing risks of processing invalid data.

However, there is no direct information provided about the impact of this vulnerability on compliance with specific regulations like GDPR or HIPAA.


How can this vulnerability impact me? :

This vulnerability can impact system stability and security by allowing malformed or maliciously crafted NGAP messages to be accepted and processed. This can lead to crashes or unexpected behavior in the Free5GC system, potentially disrupting network operations.

Since the vulnerability involves type confusion due to improper validation, attackers might exploit it to cause denial of service or other unintended effects, although the attack complexity is high and exploitability is difficult.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring NGAP messages, specifically looking for NGSetupRequest messages containing RANNodeName Information Elements (IE) with non-PrintableString byte sequences that violate the ASN.1 PrintableString encoding rules.

Detection involves capturing and analyzing NGAP traffic to identify malformed RANNodeName fields that include invalid characters such as non-printable bytes (e.g., \x01\x02\x03\x04\x05).

A practical approach is to use packet capture tools like tcpdump or Wireshark on the network interface handling NGAP traffic, then filter for NGSetupRequest messages and inspect the RANNodeName IE for invalid characters.

  • Use tcpdump to capture NGAP traffic: tcpdump -i <interface> -w ngap_capture.pcap port <NGAP_port>
  • Open the capture file in Wireshark and filter for NGSetupRequest messages.
  • Inspect the RANNodeName IE field for non-PrintableString bytes or unexpected characters.

Additionally, check free5GC logs for warnings or trace messages indicating rejection or acceptance of malformed PrintableString values, as the vulnerable version improperly accepts invalid data without error.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to apply the patch identified by commit 26205eb01705754b7b902ad6c4b613c96c881e29, which enforces strict validation of PrintableString values according to the X.680 ASN.1 standard.

This patch updates the free5gc/aper component to reject malformed NGAP messages containing invalid PrintableString data, preventing potential crashes or security issues.

If patching immediately is not possible, consider monitoring and filtering NGAP traffic to block or alert on messages with invalid RANNodeName fields to reduce exposure.

It is also recommended to upgrade free5GC to a version that includes this fix or apply the pull request #11 from the free5gc/aper repository that implements the validation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart