—
GO-2026-5109
free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf) in github.com/free5gc/smf
Details
free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping UE pools (unauthenticated, reachable Fatalf) in github.com/free5gc/smf
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/free5gc/smf
Introduced in:
0 No fixed version published yet for github.com/free5gc/smf (go modules). Pin to a known-safe version or switch to an alternative.
References
- https://github.com/free5gc/free5gc/security/advisories/GHSA-44qj-cghf-9p97 [ADVISORY]
- https://nvd.nist.gov/vuln/detail/CVE-2026-44321 [ADVISORY]
- https://github.com/free5gc/smf/commit/e0974e07ddab44a67d36a563cca383b2449e33e5 [FIX]
- https://github.com/free5gc/smf/pull/203 [FIX]
- https://github.com/free5gc/free5gc/issues/906 [WEB]