{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-41135/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-41135"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["free5GC UDR"],"_cs_severities":["high"],"_cs_tags":["free5GC","UDR","CVE-2026-41135","memory-leak","denial-of-service","5G"],"_cs_type":"advisory","_cs_vendors":["free5GC"],"content_html":"\u003cp\u003eThe free5GC UDR (User Data Repository) is a critical component of 5G mobile core networks, functioning as the Policy Control Function (PCF). A memory leak vulnerability, identified as CVE-2026-41135, affects free5GC UDR versions prior to 1.4.3. This vulnerability allows any unauthenticated attacker with network access to the PCF's SBI (Service Based Interface) to trigger uncontrolled memory growth. This is achieved by sending repeated HTTP requests to the OAM (Operations, Administration, and Management) endpoint. The root cause lies in the repeated registration of CORS middleware within an HTTP handler, leading to a continuous expansion of the Gin router's handler chain. This progressive memory exhaustion ultimately results in a Denial of Service (DoS) condition, preventing User Equipments (UEs) from obtaining necessary AM (Access and Mobility) and SM (Session Management) policies, effectively blocking 5G session establishment. The vulnerability was patched in version 1.4.3.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains network access to the free5GC UDR's PCF SBI interface.\u003c/li\u003e\n\u003cli\u003eAttacker crafts and sends repeated HTTP requests to the UDR's OAM endpoint.\u003c/li\u003e\n\u003cli\u003eThe HTTP handler processes the request.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erouter.Use()\u003c/code\u003e call inside the handler registers a new CORS middleware.\u003c/li\u003e\n\u003cli\u003eWith each request, the Gin router's handler chain grows due to the repeated middleware registration.\u003c/li\u003e\n\u003cli\u003eMemory consumption progressively increases due to the expanding handler chain.\u003c/li\u003e\n\u003cli\u003eThe UDR server experiences memory exhaustion.\u003c/li\u003e\n\u003cli\u003eThe UDR becomes unresponsive, resulting in a Denial of Service (DoS) condition, preventing UEs from obtaining AM and SM policies and blocking 5G session establishment.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-41135 leads to a Denial of Service (DoS) condition affecting the free5GC UDR. This prevents User Equipments (UEs) from obtaining necessary AM and SM policies, effectively blocking 5G session establishment. Depending on the scale of the deployment, this could impact hundreds or thousands of users within the affected network segment. Service providers relying on vulnerable versions of free5GC UDR face potential service outages and disruptions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade free5GC UDR to version 1.4.3 or later to remediate CVE-2026-41135.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM to detect potential exploitation attempts targeting the UDR OAM endpoint (see rules below).\u003c/li\u003e\n\u003cli\u003eMonitor webserver logs for abnormally high request rates to the UDR OAM endpoint to identify potential attackers.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-24T12:00:00Z","date_published":"2024-01-24T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-24-free5gc-udr-dos/","summary":"An unauthenticated attacker can exploit a memory leak in free5GC UDR versions prior to 1.4.3 by sending repeated HTTP requests to the OAM endpoint, causing uncontrolled memory growth and denial of service.","title":"free5GC UDR Memory Leak Vulnerability Leads to Denial of Service","url":"https://feed.craftedsignal.io/briefs/2024-01-24-free5gc-udr-dos/"}],"language":"en","title":"CraftedSignal Threat Feed - CVE-2026-41135","version":"https://jsonfeed.org/version/1.1"}