CVE-2026-42082

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command, and vice versa. This can lead to mismatches between NAS and AS security contexts in the network and the UE. This vulnerability is fixed in 4.2.2.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.2 / Impact : 2.5

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/free5gc/free5gc/security/advisories/GHSA-vrrx-58h3-prmh	Exploit Vendor Advisory
https://github.com/free5gc/free5gc/security/advisories/GHSA-vrrx-58h3-prmh	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*

History

28 May 2026, 19:22

Type	Values Removed	Values Added
First Time		Free5gc free5gc Free5gc
References	~~() https://github.com/free5gc/free5gc/security/advisories/GHSA-vrrx-58h3-prmh -~~	() https://github.com/free5gc/free5gc/security/advisories/GHSA-vrrx-58h3-prmh - Exploit, Vendor Advisory
CPE		cpe:2.3:a:free5gc:free5gc::::::::

28 May 2026, 16:16

Type	Values Removed	Values Added
References	~~() https://github.com/free5gc/free5gc/security/advisories/GHSA-vrrx-58h3-prmh -~~	() https://github.com/free5gc/free5gc/security/advisories/GHSA-vrrx-58h3-prmh -

27 May 2026, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-05-27 17:16

Updated : 2026-05-28 19:22

NVD link : CVE-2026-42082

Mitre link : CVE-2026-42082

CVE.ORG link : CVE-2026-42082

JSON object : View

Products Affected

free5gc

free5gc

CWE

CWE-358

Improperly Implemented Security Check for Standard

{"id": "CVE-2026-42082", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2026-05-27T17:16:35.180", "references": [{"url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-vrrx-58h3-prmh", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-vrrx-58h3-prmh", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-358"}]}], "descriptions": [{"lang": "en", "value": "free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 \u00a76.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command, and vice versa. This can lead to mismatches between NAS and AS security contexts in the network and the UE. This vulnerability is fixed in 4.2.2."}], "lastModified": "2026-05-28T19:22:15.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF7EBB95-EB4E-44C5-BF0A-9C99B0A7775F", "versionEndExcluding": "4.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}