Skip to main content

Free5GC AMF CVE-2026-42081

| EUVDEUVD-2026-32557 MEDIUM
Improperly Implemented Security Check for Standard (CWE-358)
2026-05-07 https://github.com/free5gc/free5gc GHSA-77x9-rf64-92gv
6.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.1 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Patch available
May 27, 2026 - 19:46 EUVD
Source Code Evidence Fetched
May 07, 2026 - 02:16 vuln.today
Analysis Generated
May 07, 2026 - 02:16 vuln.today
CVE Published
May 07, 2026 - 01:53 nvd
MEDIUM 6.1

DescriptionGitHub Advisory

Summary

The AMF in Free5GC v4.2.1 does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the AMF's stored UE security capabilities with arbitrary values, which are then propagated in PathSwitchRequest Acknowledge messages and subsequent Handover Request messages. This leads to persistent handover denial-of-service for affected UEs.

Details

Affected File: amf/internal/ngap/handler.go - handlePathSwitchRequestMain function

Root Cause:

When the AMF receives a PathSwitchRequest during an Xn-handover, it processes the UESecurityCapabilities IE by directly overwriting the stored values without comparing them to the previously stored capabilities:

go
if uESecurityCapabilities != nil {
    amfUe.UESecurityCapability.SetEA1_128_5G(uESecurityCapabilities.NRencryptionAlgorithms.Value.Bytes[0] & 0x80)
    amfUe.UESecurityCapability.SetEA2_128_5G(uESecurityCapabilities.NRencryptionAlgorithms.Value.Bytes[0] & 0x40)
    amfUe.UESecurityCapability.SetEA3_128_5G(uESecurityCapabilities.NRencryptionAlgorithms.Value.Bytes[0] & 0x20)
    amfUe.UESecurityCapability.SetIA1_128_5G(uESecurityCapabilities.NRintegrityProtectionAlgorithms.Value.Bytes[0] & 0x80)
    amfUe.UESecurityCapability.SetIA2_128_5G(uESecurityCapabilities.NRintegrityProtectionAlgorithms.Value.Bytes[0] & 0x40)
    amfUe.UESecurityCapability.SetIA3_128_5G(uESecurityCapabilities.NRintegrityProtectionAlgorithms.Value.Bytes[0] & 0x20)
}

3GPP TS 33.501 §6.7.3.1 requires three actions, none of which are implemented:

  1. Verification (SHALL): "The AMF shall verify that the UE's 5G security capabilities received from the target gNB/ng-eNB are the same as the UE's 5G security capabilities that the AMF has locally stored."

→ Not implemented. The AMF unconditionally overwrites stored values.

  1. Correction (SHALL): "If there is a mismatch, the AMF shall send its locally stored 5G security capabilities of the UE to the target gNB/ng-eNB in the Path-Switch Acknowledge message."

→ Not implemented. The PathSwitchRequestAcknowledge contains the corrupted values.

  1. Logging (SHALL): "The AMF shall support logging capabilities for this event and may take additional measures, such as raising an alarm."

→ Not implemented. No mismatch detection or logging exists.

Propagation:

The corrupted values are propagated in:

  • PathSwitchRequestAcknowledge: Contains corrupted UESecurityCapabilities (demonstrated in pcap)
  • Subsequent HandoverRequest messages: AMF sends corrupted capabilities to target gNBs

Per TS 38.413 §8.4.2.4, if the supported algorithms in the UE Security Capabilities do not match any allowed algorithms configured in the target gNB, the target gNB is required to reject the procedure using a HANDOVER FAILURE message.

PoC

Environment:

  • Free5GC v4.2.1 AMF (Docker container) with full NF stack (NRF, AUSF, UDM, UDR, NSSF, PCF, SMF, UPF)
  • UERANSIM v3.2.7 gNB with custom inspection-tool extension
  • tshark for packet capture

Reproduction Steps:

  1. Start Free5GC full stack and register a UE through a gNB (NG Setup → Registration → PDU Session Setup).
  2. Send a normal HandoverRequired from the gNB. Capture the resulting HandoverRequest from the AMF and confirm nRintegrityProtectionAlgorithms = 0xe000 (NIA1, NIA2, NIA3 all supported). This is the baseline.
  3. Send a PathSwitchRequest with nRintegrityProtectionAlgorithms = 0x0000 (all integrity algorithms set to not supported). The AMF responds with PathSwitchRequestAcknowledge.
  4. Observe that the PathSwitchRequestAcknowledge contains nRintegrityProtectionAlgorithms = 0x0000 - the corrupted values are propagated back.

Observed Result (from pcap capture):

PacketMessagenRintegrityProtectionAlgorithms
#20HandoverRequest (AMF→gNB)0xe000 (NIA1 ✓ NIA2 ✓ NIA3 ✓) - baseline
#30PathSwitchRequest (gNB→AMF)0x0000 - poison
#47PathSwitchRequestAcknowledge (AMF→gNB)0x0000 (NIA1 ✗ NIA2 ✗ NIA3 ✗) - corrupted

Impact

Availability (HIGH): A malicious gNB can send a single PathSwitchRequest message to corrupt the AMF's stored UE security capabilities for any UE. All subsequent inter-gNB handovers for the affected UE are expected to fail (per TS 38.413 §8.4.2.4), resulting in denial-of-service that persists until the UE performs a new registration.

Integrity (LOW): The AMF's internal UE security context is corrupted with attacker-controlled values. These corrupted values are propagated to other network elements via PathSwitchRequestAcknowledge and HandoverRequest messages.

Who is impacted: Any deployment using Free5GC as the AMF where a gNB could be compromised or where untrusted gNBs exist (e.g., O-RAN multi-vendor deployments).

AnalysisAI

Free5GC Access and Mobility Management Function (AMF) v4.2.1 and earlier fails to verify UE Security Capabilities in NGAP PathSwitchRequest messages, allowing a malicious gNB to overwrite the AMF's stored security algorithm preferences with arbitrary values. These corrupted capabilities are then propagated in PathSwitchRequestAcknowledge and subsequent HandoverRequest messages, causing all inter-gNB handovers for affected UEs to fail due to algorithm mismatches. This results in persistent handover denial-of-service until UE re-registration. The vulnerability is directly contrary to 3GPP TS 33.501 §6.7.3.1 verification requirements and has been demonstrated with a public proof-of-concept using Free5GC v4.2.1 and UERANSIM.

Technical ContextAI

Free5GC is an open-source 5G core network implementation written in Go. The vulnerability resides in the AMF component's NGAP (NG Application Protocol) message handler, specifically the handlePathSwitchRequestMain function in amf/internal/ngap/handler.go. During Xn-handovers between gNodeBs, the AMF receives PathSwitchRequest messages containing UESecurityCapabilities Information Elements (IEs) that specify which encryption (EA) and integrity protection (IA) algorithms the UE supports (EA1/EA2/EA3 for 5G encryption; IA1/IA2/IA3 for integrity). The root cause is unconditional overwriting of stored capability bits using bitwise operations (e.g., SetEA1_128_5G with NRencryptionAlgorithms.Value.Bytes[0] & 0x80) without prior comparison to locally stored values. Per 3GPP TS 33.501 §6.7.3.1, the AMF is mandated to verify received capabilities match stored values and, if mismatched, send its locally stored capabilities back in the PathSwitchRequestAcknowledge. The missing verification allows a gNB (via NGAP over SCTP) to inject false algorithm support/rejection signals. Subsequent TS 38.413 §8.4.2.4 handover procedures enforce that target gNBs reject HandoverRequest messages if no common algorithms exist between UE and gNB configuration, guaranteeing handover failure when capabilities are zeroed. CWE-358 (Improperly Restricted Operations on Dynamically-Allocated Memory) applies to the unchecked state modification of the UE security context object.

RemediationAI

No vendor-released patch identified at time of analysis. Immediate remediation requires in-place code fixes: apply the verification logic from 3GPP TS 33.501 §6.7.3.1 by comparing received UESecurityCapabilities against amfUe.UESecurityCapability before overwriting, and if mismatched, return the locally stored values in PathSwitchRequestAcknowledge instead of the received ones. Until a patched Free5GC release is available, implement network-level compensating controls: (1) restrict NGAP access (port 38412/SCTP) to known, trusted gNBs via firewall rules on the AMF host or intermediate network segments, (2) deploy gNB authentication and authorization checks at the N2 interface using TLS mutual authentication with certificate pinning to prevent unauthorized gNB connections, (3) enable detailed logging and alerting on PathSwitchRequest messages and monitor for zero'd algorithm values in AMF logs (search for UESecurityCapability modifications with all-zero bytes), (4) segment the AMF into a dedicated security zone with monitoring for abnormal state changes. Workaround: force UEs to re-register every N hours via policy enforcement in the PCF or SMF to limit DoS duration, though this reduces user experience and does not prevent the underlying corruption. Operators should also audit their gNB deployment for compromise or untrusted vendors (especially in multi-vendor O-RAN setups) since this vulnerability requires gNB control. Monitor GitHub repository (https://github.com/free5gc/free5gc/security/advisories/GHSA-77x9-rf64-92gv) for patch release announcements.

More in Docker

View all
CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2019-5736 HIGH POC
8.6 Feb 11

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac

CVE-2023-32077 HIGH POC
7.5 Aug 24

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2023-5815 HIGH POC
8.1 Nov 22

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post

CVE-2014-9357 CRITICAL
10.0 Dec 16

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build

CVE-2026-34156 CRITICAL POC
9.9 Mar 30

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l

CVE-2019-15752 HIGH POC
7.8 Aug 28

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c

CVE-2025-34221 CRITICAL POC
10.0 Sep 29

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2

CVE-2024-23054 CRITICAL POC
9.8 Feb 05

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-46339 CRITICAL POC
10.0 May 19

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at

Share

CVE-2026-42081 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy