NVD Vulnerability Detail
Search Exploit, PoC
CVE-2026-41136
Summary

free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. Prior to version 1.4.3, the `HTTPUEContextTransfer` handler in `internal/sbi/api_communication.go` does not include a `default` case in the `Content-Type` switch statement. When a request arrives with an unsupported `Content-Type`, the deserialization step is silently skipped, `err` remains `nil`, and the processor is invoked with a completely uninitialized `UeContextTransferRequest` object. Version 1.4.3 contains a fix.

Publication Date April 22, 2026, 9:16 a.m.
Registration Date April 25, 2026, 4:04 a.m.
Last Update April 24, 2026, 4:39 a.m.
CVSS3.1 : MEDIUM
スコア 5.3
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
攻撃元区分(AV) ネットワーク
攻撃条件の複雑さ(AC)
攻撃に必要な特権レベル(PR) 不要
利用者の関与(UI) 不要
影響の想定範囲(S) 変更なし
機密性への影響(C) なし
完全性への影響(I)
可用性への影響(A) なし
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:a:free5gc:amf:*:*:*:*:*:go:*:* 1.4.3
cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:* 4.2.1
Related information, measures and tools
Common Vulnerabilities List