Which versions of Free5gc are affected by EUVD-2026-14264?

Organizations using A weakness should be aware of moderate risk from CVE-2026-4531 rated CVSS 5.3. Exploitation could compromise the security of affected deployments.. A patch is available.

Free5gc EUVD-2026-14264

Q: What is the CVSS score of EUVD-2026-14264?

EUVD-2026-14264 has a CVSS 4.0 base score of 6.9 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2026-4531 MEDIUM

Improper Resource Shutdown or Release (CWE-404)

2026-03-22 VulDB

Denial Of Service Free5gc

6.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

6.9 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 24, 2026 - 16:37 NVD

5.3 (MEDIUM) 6.9 (MEDIUM)

EUVD ID Assigned

Mar 22, 2026 - 01:45 euvd

EUVD-2026-14264

Analysis Generated

Mar 22, 2026 - 01:45 vuln.today

Patch released

Mar 22, 2026 - 01:45 nvd

Patch available

CVE Published

Mar 22, 2026 - 01:32 nvd

MEDIUM 5.3

DescriptionCVE.org

A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed from remote. This patch is called 52e9386401ce56ea773c5aa587d4cdf7d53da799. It is best practice to apply a patch to resolve this issue.

AnalysisAI

Free5GC 4.1.0's AMF component is susceptible to a denial of service attack in the HandleRegistrationComplete function that can be exploited remotely without authentication. An attacker can manipulate the registration process to crash or disable the affected service. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS score of 5.3 reflects a medium-severity vulnerability with network accessibility (AV:N) and low attack complexity (AC:L) but no authentication requirement (PR:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker with network access to the AMF (typically a malicious or compromised base station, or direct network access to the 5G core) sends a specially crafted NAS registration complete message with manipulated parameters that fail input validation in the HandleRegistrationComplete function. This causes the AMF process to crash or enter a resource-exhausted state, rendering it unable to process legitimate device registrations and mobility updates. …
Remediation	Apply the vendor-provided patch immediately by updating to the fixed version of the AMF component corresponding to commit 52e9386401ce56ea773c5aa587d4cdf7d53da799 or later from the Free5GC GitHub repository at https://github.com/free5gc/amf. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

EUVD-2026-14264 vulnerability details – vuln.today

Back