Cwe-306

Network-AI is vulnerable to missing authentication on the MCP HTTP endpoint, allowing unauthenticated privileged tool calls that could lead to configuration changes and agent manipulation.

free5GC NEF v4.2.1 exposes an unauthenticated callback route group, enabling attackers to forge SMF callbacks and potentially corrupt AF traffic-influence or PFD-management subscription views, leading to unauthorized policy changes.