UPI

free5GC's Session Management Function (SMF) UPI interface lacks authentication, allowing unauthenticated network attackers to read/write/delete UP-node and link topology data via exposed APIs.

free5GC's SMF is vulnerable to an unauthenticated denial-of-service attack where a crafted POST request to the `/upi/v1/upNodesLinks` endpoint can trigger a `Fatalf` call, terminating the entire SMF process, effectively disrupting network services.