CVE-2026-41136

Published 22/04/2026 00:16 · Modified 23/04/2026 19:39

Labels: CVE-2026-41136, 2026-04-22, CWE-440, [email protected]

Essential information

Published: 22/04/2026 00:16
Modified: 23/04/2026 19:39
CVSS: 5.5 MEDIUM (v3), 5.5 MEDIUM (v4.0)
CISA KEV: No

Description

free5GC AMF provides the Access & Mobility Management Function (AMF) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Prior to version 1.4.3, the `HTTPUEContextTransfer` handler in `internal/sbi/api_communication.go` does not include a `default` case in the `Content-Type` switch statement. When a request arrives with an unsupported `Content-Type`, the deserialization step is silently skipped, `err` remains `nil`, and the processor is invoked with a completely uninitialized `UeContextTransferRequest` object. Version 1.4.3 contains a fix.
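
The missing-`default` pattern from the description, next to a fail-closed variant, as an added Go example that is not free5GC's code or its 1.4.3 fix. `transferRequest`, the two `decode*` functions, `errUnsupported` and the choice of `application/json` as the only supported type are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"mime"
)

// transferRequest is a hypothetical stand-in for UeContextTransferRequest.
type transferRequest struct {
	Reason string `json:"reason"`
}

var errUnsupported = errors.New("unsupported Content-Type")

// decodeNoDefault: no default case, so an unsupported type skips decoding and err stays nil.
func decodeNoDefault(contentType string, body []byte) (transferRequest, error) {
	var req transferRequest
	var err error
	switch contentType {
	case "application/json": // assumed supported type
		err = json.Unmarshal(body, &req)
	}
	return req, err
}

// decodeStrict fails closed: a malformed or unhandled media type returns an error.
func decodeStrict(contentType string, body []byte) (transferRequest, error) {
	var req transferRequest
	mediaType, _, err := mime.ParseMediaType(contentType)
	if err != nil {
		return req, fmt.Errorf("%w: %v", errUnsupported, err)
	}
	switch mediaType {
	case "application/json":
		err = json.Unmarshal(body, &req)
	default:
		err = fmt.Errorf("%w: %q", errUnsupported, mediaType)
	}
	return req, err
}

func main() {
	req, err := decodeNoDefault("text/plain", []byte(`{"reason":"x"}`)) // constructed input
	fmt.Printf("no default: req=%+v err=%v\n", req, err)
	_, err = decodeStrict("text/plain", nil)
	fmt.Println("strict:", err)
}
```

A handler built on `decodeStrict` would answer `errUnsupported` with HTTP 415 and return before the processor is invoked.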

NVD status

Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product              CPE
free5gc / amf        cpe:2.3:a:free5gc:amf:*:*:*:*:*:go:*:*
free5gc / free5gc    cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*

References