Tag

5G

4 briefs RSS

Ella Core Vulnerable to UE Downlink Redirection via Forged PDUSessionResourceSetupResponse (CVE-2026-44473)

Ella Core is vulnerable to UE downlink redirection (CVE-2026-44473) due to missing SCTP association verification, enabling a malicious radio to forge a PDUSessionResourceSetupResponse and redirect downlink traffic.

core vulnerability 5G downlink redirection CVE-2026-44473

2r 1t May 11, 2026

critical advisory

free5GC SMF Unauthenticated UPI Access

2 rules 1 TTP 2 IOCs

free5GC's Session Management Function (SMF) UPI interface lacks authentication, allowing unauthenticated network attackers to read/write/delete UP-node and link topology data via exposed APIs.

SMF 5G Authentication Bypass free5GC UPI CVE-2026-44329

2r 1t 2i May 9, 2026

high advisory

Free5GC PCF Authentication Bypass Vulnerability

2 rules 1 TTP

Free5GC PCF versions prior to 1.4.3 are vulnerable to an authentication bypass due to missing middleware, allowing unauthenticated access to SM policy handlers and disclosure of subscriber SUPI.

pcf authentication-bypass 5g

2r 1t Jan 3, 2024

high advisory

free5GC NEF Unauthenticated Callback Vulnerability

2 rules 1 TTP

free5GC NEF v4.2.1 exposes an unauthenticated callback route group, enabling attackers to forge SMF callbacks and potentially corrupt AF traffic-influence or PFD-management subscription views, leading to unauthorized policy changes.

nef:v4.2.1 +1 5G NEF Authentication Bypass CWE-306 CWE-862

2r 1t Jan 2, 2024