CVE-2026-42459
BaseFortify
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| free5gc | udm | to 4.2.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in free5GC UDM allows an unauthenticated attacker to cause a 500 Internal Server Error that exposes sensitive internal infrastructure details, including hostnames, ports, API paths, and versions. This exposure of internal information could potentially lead to further attacks on internal 5G core components.
While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the exposure of sensitive internal details and the potential for further exploitation could be considered a risk to data confidentiality and system integrity, which are key aspects of these regulations.
Therefore, this vulnerability may negatively impact compliance with common security and privacy standards by increasing the risk of unauthorized access or data breaches, but no direct statement about regulatory compliance impact is provided.
How can this vulnerability impact me? :
The impact of this vulnerability includes the potential exposure of internal infrastructure details due to the 500 Internal Server Error response. Since the attacker can be unauthenticated and inject control characters, this could lead to information disclosure that might aid further attacks or exploitation of the system.
Can you explain this vulnerability to me?
This vulnerability exists in the free5GC UDM component prior to version 4.2.2. The UDM fails to properly validate the supi path parameter in six GET handlers of the nudm-sdm (Subscriber Data Management) service. An unauthenticated attacker can exploit this by injecting control characters into the SUPI parameter, which causes the UDM to forward a malformed request to the UDR. This results in a 500 Internal Server Error response that exposes internal infrastructure details.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade the free5GC UDM component to version 4.2.2 or later, where the issue has been fixed.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending specially crafted GET requests to the affected nudm-sdm service endpoints with malformed SUPI parameters containing control characters. If the system is vulnerable, it will respond with a 500 Internal Server Error that includes internal infrastructure details such as the UDR's hostname, port, API path structure, and version.
The affected GET handlers to test are:
- GET /:supi/smf-select-data
- GET /:supi
- GET /:supi/trace-data
- GET /:supi/ue-context-in-smf-data
- GET /:supi/nssai
- GET /:supi/sm-data
Example command using curl to test one endpoint (replace <base_url> with your UDM service URL):
curl -v "<base_url>/\x01smf-select-data"
If the response is a 500 Internal Server Error containing internal details, the system is vulnerable.