—
GO-2026-5349
free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types in github.com/free5gc/nrf
Details
free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types in github.com/free5gc/nrf
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/free5gc/nrf
Introduced in:
0 Fixed in: 1.4.3 Fix
go get github.com/free5gc/nrf@v1.4.3 References
- https://github.com/free5gc/free5gc/security/advisories/GHSA-f8qv-7x5w-qr48 [ADVISORY]
- https://nvd.nist.gov/vuln/detail/CVE-2026-44325 [ADVISORY]
- https://github.com/free5gc/nrf/commit/f7bc77daa7425506af7569f2e61c2a210f5a0423 [FIX]
- https://github.com/free5gc/nrf/pull/83 [FIX]
- https://github.com/free5gc/free5gc/issues/918 [WEB]