{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79842?format=json","vulnerability_id":"VCID-m7ry-pa4j-43f1","summary":"free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject control characters (e.g., %00) into the supi parameter, triggering internal URL parsing errors (net/url: invalid control character). This exposes system-level error details and can be used for service fingerprinting. All deployments of free5GC using the UDM Nudm_UEAU service may be affected. free5gc/udm pull request 75 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended.","aliases":[{"alias":"CVE-2026-27642"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27642","reference_id":"","reference_type":"","scores":[{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.10486","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.1054","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27642"},{"reference_url":"https://github.com/free5gc/free5gc/issues/749","reference_id":"749","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:32:55Z/"}],"url":"https://github.com/free5gc/free5gc/issues/749"},{"reference_url":"https://github.com/free5gc/udm/pull/75","reference_id":"75","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:32:55Z/"}],"url":"https://github.com/free5gc/udm/pull/75"},{"reference_url":"https://github.com/free5gc/udm/commit/a7af2321ddea6368c43835f90f6d1b9d67dd2ea1","reference_id":"a7af2321ddea6368c43835f90f6d1b9d67dd2ea1","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:32:55Z/"}],"url":"https://github.com/free5gc/udm/commit/a7af2321ddea6368c43835f90f6d1b9d67dd2ea1"},{"reference_url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-h4wg-rp7m-8xx4","reference_id":"GHSA-h4wg-rp7m-8xx4","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:32:55Z/"}],"url":"https://github.com/free5gc/free5gc/security/advisories/GHSA-h4wg-rp7m-8xx4"}],"weaknesses":[{"cwe_id":20,"name":"Improper Input Validation","description":"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."}],"exploits":[],"severity_range_score":"6.6 - 6.6","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m7ry-pa4j-43f1"}