Go/github.com/free5gc/smf — 4 CVEs

CRITICAL10.0CVE-2026-44329free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers in github.com/free5gc/smf

from 0, < 1.4.3

CRITICAL10.0CVE-2026-44329free5GC's SMF UPI management interface lacks auth middleware; unauthenticated topology read/write requests reach handlers in github.com/free5gc/smf

from 0, < 1.4.3

HIGH8.2CVE-2026-44328free5GC's SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion via nil UPF dereference; unauthenticated, state-mutating

from 0, < 1.4.3

HIGH7.5free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf)

from 0, <= 1.4.3

pkg:Go/github.com/free5gc/smf

✅ Check your installed version

All known vulnerabilities