CVE-2026-42082

Published: Mag 27, 2026 Last Modified: Mag 27, 2026

ExploitDB:

Other exploit source:

Google Dorks:

LOW 3,7

Source: [email protected]

Attack Vector: adjacent_network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: low

Availability: low

Description

AI Translation Available

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command, and vice versa. This can lead to mismatches between NAS and AS security contexts in the network and the UE. This vulnerability is fixed in 4.2.2.

358

Improperly Implemented Security Check for Standard

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/free5gc/free5gc/security/advisories/GHSA…

https://github.com/free5gc/free5gc/security/advisories/GHSA-vrrx-58h3-prmh

CVE-2026-42082

Description

Improperly Implemented Security Check for Standard

Common Consequences

Applicable Platforms

Iscriviti alla newsletter