What is the CVSS score of CVE-2026-33064?

CVE-2026-33064 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.2%.

Which versions of Suse are affected by CVE-2026-33064?

A critical vulnerability in free5GC v4.0.1's UDM service allows attackers to remotely crash the service, causing complete disruption of subscriber data management functionality.. A patch is available.

Suse CVE-2026-33064

HIGH

NULL Pointer Dereference (CWE-476)

2026-03-18 https://github.com/free5gc/udm

GHSA-7g27-v5wj-jr75

Denial Of Service Path Traversal Null Pointer Dereference Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 18, 2026 - 20:15 vuln.today

Patch released

Mar 18, 2026 - 20:15 nvd

Patch available

CVE Published

Mar 18, 2026 - 20:06 nvd

HIGH 7.5

DescriptionNVD

Impact This is a NULL Pointer Dereference vulnerability leading to Denial of Service.

Security Impact: A remote attacker can cause the UDM service to panic and crash by sending a crafted POST request to the /sdm-subscriptions endpoint with a malformed URL path containing path traversal sequences (../) and a large JSON payload. The DataChangeNotificationProcedure function in notifier.go attempts to access a nil pointer without proper validation, causing a complete service crash with "runtime error: invalid memory address or nil pointer dereference".
Functional Impact: The service crashes completely, requiring manual restart. All UDM functionality is disrupted until recovery.
Affected Parties: All deployments of free5GC v4.0.1 using the UDM HTTP callback functionality.

Patches Yes, the issue has been patched. The fix is implemented in PR free5gc/udm#78. Users should upgrade to the next release of free5GC that includes this commit.

Workarounds There is no direct workaround at the application level. The recommendation is to apply the provided patch or implement API gateway-level filtering to block requests containing path traversal sequences.

AnalysisAI

A NULL pointer dereference vulnerability in free5GC v4.0.1's UDM (Unified Data Management) service allows remote attackers to crash the service via a crafted POST request to the /sdm-subscriptions endpoint containing path traversal sequences and a large JSON payload. The DataChangeNotificationProcedure function in notifier.go fails to validate pointers before dereferencing, causing complete service disruption requiring manual restart. …

RemediationAI

Within 24 hours: Identify all free5GC v4.0.1 deployments with UDM HTTP callback enabled and assess exposure to untrusted network traffic. Within 7 days: Apply vendor patch via PR free5gc/udm#78 to all affected UDM instances, with testing in non-production environments first. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-33064 vulnerability details – vuln.today

Back

Suse CVE-2026-33064

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code