CVE-2026-33192

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter. Additionally, the UDM incorrectly translates the PATCH method to PUT when forwarding to UDR, indicating a deeper architectural issue. This leaks internal error handling behavior, making it difficult for clients to distinguish between client-side errors and server-side failures. The issue has been patched in version 1.4.2.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/free5gc/free5gc/issues/784	Exploit Issue Tracking Patch Vendor Advisory
https://github.com/free5gc/free5gc/security/advisories/GHSA-5rvc-5cwx-g5x8	Patch Vendor Advisory
https://github.com/free5gc/udm/pull/79	Issue Tracking Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:free5gc:udm:*:*:*:*:*:go:*:*

History

No history.

Information

Published : 2026-03-20 09:16

Updated : 2026-03-23 18:32

NVD link : CVE-2026-33192

Mitre link : CVE-2026-33192

CVE.ORG link : CVE-2026-33192

JSON object : View

Products Affected

free5gc

udm

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

{"id": "CVE-2026-33192", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-20T09:16:16.230", "references": [{"url": "https://github.com/free5gc/free5gc/issues/784", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-5rvc-5cwx-g5x8", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/free5gc/udm/pull/79", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. In versions prior to 1.4.2, the UDM incorrectly converts a downstream 400 Bad Request (from UDR) into a 500 Internal Server Error when handling PATCH requests with an empty supi path parameter. Additionally, the UDM incorrectly translates the PATCH method to PUT when forwarding to UDR, indicating a deeper architectural issue. This leaks internal error handling behavior, making it difficult for clients to distinguish between client-side errors and server-side failures. The issue has been patched in version 1.4.2."}, {"lang": "es", "value": "Free5GC es un proyecto de c\u00f3digo abierto de la Linux Foundation para redes centrales m\u00f3viles de quinta generaci\u00f3n (5G). En versiones anteriores a la 1.4.2, el UDM convierte incorrectamente un 400 Bad Request descendente (del UDR) en un 500 Internal Server Error al manejar solicitudes PATCH con un par\u00e1metro de ruta supi vac\u00edo. Adem\u00e1s, el UDM traduce incorrectamente el m\u00e9todo PATCH a PUT al reenviar al UDR, lo que indica un problema arquitect\u00f3nico m\u00e1s profundo. Esto filtra el comportamiento interno de manejo de errores, dificultando a los clientes distinguir entre errores del lado del cliente y fallos del lado del servidor. El problema ha sido parcheado en la versi\u00f3n 1.4.2."}], "lastModified": "2026-03-23T18:32:46.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:free5gc:udm:*:*:*:*:*:go:*:*", "vulnerable": true, "matchCriteriaId": "C4C4212B-95F4-49DD-B6DA-F6DF4D8D7257", "versionEndExcluding": "1.4.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}