CVE-2026-33064

Source
https://cve.org/CVERecord?id=CVE-2026-33064
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33064.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-33064
Aliases
Downstream
Related
Published
2026-03-20T08:00:31.755Z
Modified
2026-07-15T01:49:00.759221556Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference
Details

Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending a crafted POST request to the /sdm-subscriptions endpoint with a malformed URL path containing path traversal sequences (../) and a large JSON payload. The DataChangeNotificationProcedure function in notifier.go attempts to access a nil pointer without proper validation, causing a complete service crash with "runtime error: invalid memory address or nil pointer dereference". Exploitation would result in UDM functionality disruption until recovery by restart. This issue has been fixed in version 1.4.2.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33064.json",
    "cwe_ids": [
        "CWE-478"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/free5gc/udm

Affected ranges

Type
GIT
Repo
https://github.com/free5gc/udm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.2"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:free5gc:udm:*:*:*:*:*:go:*:*"
}

Affected versions

v1.*
v1.0.0
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.4.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33064.json"