CVE-2026-27643 in Free5GC
Summary
by MITRE • 02/24/2026
free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the NEF component reliably leaks internal parsing error details (e.g., invalid character 'n' after top-level value) to remote clients, which can aid attackers in service fingerprinting. All deployments of free5GC using the Nnef_PfdManagement service may be affected. free5gc/udr pull request 56 contains a patch for the issue. There is no direct workaround at the application level. The recommendation is to apply the provided patch.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 02/24/2026
The vulnerability identified as CVE-2026-27643 affects the free5GC user data repository (UDR) component within the open-source 5G mobile core network implementation. This issue specifically impacts the NEF (Network Exposure Function) component which serves as a critical interface between the 5G core network and external services. The flaw manifests in how the system handles malformed JSON input during parsing operations, exposing internal error messages that reveal implementation details to remote attackers. The affected version range includes all releases up to and including 1.4.1, making a significant portion of the free5GC deployment landscape potentially vulnerable. The NEF component's exposure through the Nnef_PfdManagement service creates a direct attack vector that adversaries can exploit to gather intelligence about the underlying system architecture.
The technical nature of this vulnerability involves information disclosure through error message leakage during JSON parsing operations. When the NEF component receives malformed JSON input containing invalid characters such as the newline character 'n' after top-level values, the system responds with detailed internal error messages rather than generic error responses. This type of information leakage falls under CWE-209, which specifically addresses the exposure of error information to unauthorized parties. The vulnerability enables service fingerprinting by revealing implementation details that attackers can use to understand the system's internal structure, parsing mechanisms, and potentially identify additional weaknesses in the network stack. The error messages contain sufficient technical details to help attackers understand the parsing logic and potentially craft more sophisticated attacks against the system.
The operational impact of this vulnerability extends beyond simple information disclosure, as it creates opportunities for attackers to perform reconnaissance activities against 5G core network deployments. Remote attackers can systematically test various malformed JSON inputs to map out the system's error handling behavior and gain insights into the underlying implementation. This reconnaissance capability can lead to more targeted attacks against other components of the free5GC system, as the leaked information provides attackers with knowledge about the system's internal workings. The vulnerability affects all deployments using the Nnef_PfdManagement service, which represents a significant portion of free5GC installations that rely on this network exposure function. From an attack perspective, this vulnerability aligns with ATT&CK technique T1212, which focuses on exploitation of information disclosure vulnerabilities to gather intelligence about the target system.
The remediation approach for this vulnerability requires immediate application of the patch referenced in free5gc/udr pull request 56, as no application-level workarounds are available to address the information disclosure directly. The patch should be implemented across all affected deployments to prevent the leakage of internal parsing error details to remote clients. Organizations using free5GC should conduct thorough testing of the patched version to ensure that the fix does not introduce compatibility issues with existing services while maintaining the security improvements. System administrators should also monitor for any potential side effects from the patch implementation, particularly regarding error handling behavior and logging mechanisms. The vulnerability highlights the importance of proper error handling in network-facing components and demonstrates how seemingly benign error messages can provide attackers with valuable reconnaissance information that could lead to more serious security incidents.