Free5GC AMF Denial-of-Service Vulnerability (CVE-2026-30653)
A remote attacker can exploit CVE-2026-30653 in Free5GC v4.2.0 and earlier by sending crafted requests to the AMF component's HandleAuthenticationFailure function, leading to a denial-of-service condition.
Free5GC is an open-source 5G core network implementation. CVE-2026-30653 affects Free5GC versions 4.2.0 and earlier. The vulnerability resides within the Access and Mobility Management Function (AMF) component, specifically in the HandleAuthenticationFailure function. A remote, unauthenticated attacker can send malicious requests that trigger excessive resource consumption or a crash in the AMF, resulting in a denial-of-service (DoS) condition. This vulnerability was disclosed on March 24…
Detection coverage 2
Detect Suspicious Free5GC Authentication Failure Handling
highDetects potential attempts to exploit CVE-2026-30653 by monitoring for anomalous authentication failure handling patterns in Free5GC AMF logs.
Detect Free5GC AMF Excessive Resource Consumption
mediumAlerts on abnormal CPU or memory usage by the Free5GC AMF process, potentially indicating a DoS attack.
Detection queries are kept inside the platform. Get full rules →