CVE-2026-42082 PUBLISHED

free5GC: Missing Concurrent NAS SMC Validation During NGAP Handover

Assigner: GitHub_M
Reserved: 23.04.2026 Published: 27.05.2026 Updated: 28.05.2026

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the AMF in Free5GC does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for ongoing N2 handover procedures before initiating a NAS Security Mode Command, and vice versa. This can lead to mismatches between NAS and AS security contexts in the network and the UE. This vulnerability is fixed in 4.2.2.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
CVSS Score: 3.7

Attack Vector	Adjacent Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	free5gc
Product	free5gc
Versions	Version < 4.2.2 is affected

References

https://github.com/free5gc/free5gc/security/advisories/GHSA-vrrx-58h3-prmh

Problem Types

CWE-358: Improperly Implemented Security Check for Standard CWE