Vulnerability Description
free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. Prior to version 1.4.3, the `HTTPUEContextTransfer` handler in `internal/sbi/api_communication.go` does not include a `default` case in the `Content-Type` switch statement. When a request arrives with an unsupported `Content-Type`, the deserialization step is silently skipped, `err` remains `nil`, and the processor is invoked with a completely uninitialized `UeContextTransferRequest` object. Version 1.4.3 contains a fix.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Free5Gc | Amf | < 1.4.3 |
| Free5Gc | Free5Gc | <= 4.2.1 |
Related Weaknesses (CWE)
References
- https://github.com/free5gc/amf/releases/tag/v1.4.3ProductRelease Notes
- https://github.com/free5gc/free5gc/security/advisories/GHSA-r99v-75p9-xqm5ExploitVendor Advisory
- https://github.com/free5gc/free5gc/security/advisories/GHSA-r99v-75p9-xqm5ExploitVendor Advisory
FAQ
What is CVE-2026-41136?
CVE-2026-41136 is a vulnerability with a CVSS score of 5.3 (MEDIUM). free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. Prior to version 1.4.3, the `HTTPUEContextTransfer...
How severe is CVE-2026-41136?
CVE-2026-41136 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-41136?
Check the references section above for vendor advisories and patch information. Affected products include: Free5Gc Amf, Free5Gc Free5Gc.