CVE-2026-5360

April 3, 2026, 4:10 p.m.

6.3
Medium

Description

A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 26205eb01705754b7b902ad6c4b613c96c881e29. It is best practice to apply a patch to resolve this issue.

Product(s) Impacted

Vendor Product Versions
Free5gc
  • Free5gc
  • 4.2.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a free5gc free5gc 4.2.0 / / / / / / /

References

https://github.com/free5gc/aper/commit/26205eb01705754b7b902ad6c4b613c96c881e29
https://github.com/free5gc/aper/pull/11
https://github.com/free5gc/free5gc/
https://github.com/free5gc/free5gc/issues/831
https://github.com/free5gc/free5gc/issues/831#issue-3996453112
https://vuldb.com/submit/781573
https://vuldb.com/vuln/354735
https://vuldb.com/vuln/354735/cti

Tags

CWE-843
[email protected]
2026-04-02
CVE-2026-5360

CVSS Score

6.3 / 10

CVSS Data - 4.0

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Attack Requirements: NONE
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope:
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: LOW
  • Exploit Maturity: PROOF_OF_CONCEPT

    • CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    View Vector String

Timeline

Published: April 2, 2026, 5:16 p.m.
Last Modified: April 3, 2026, 4:10 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.