CVE & CISA-KEV Catalog

CVE-2026-40249

MEDIUM
5.3
CVSS v3
NVD

Description

free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/{subsId} does not return after request body retrieval or deserialization errors. Although HTTP 500 or 400 error responses are sent, execution continues and the processor is invoked with a potentially uninitialized or partially initialized PolicyDataSubscription object. This fail-open behavior may allow unintended modification of existing Policy Data notification subscriptions with invalid or empty input, depending on downstream processor and storage behavior. A patched version was not available at the time of publication.

How to fix

No published remediation has been found for this vulnerability's affected products yet.

Mitigation guidance may be in the linked vendor advisories in the References section below.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityLow
AvailabilityNone

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploit Intelligence

0.32%probability of exploitation in 30 days
24thpercentile

Low risk: more likely to be exploited than 24% of all known CVEs.

References

Exploit1
Embed a live status badge for CVE-2026-40249
CVE-2026-40249 severity badge

Markdown

[![CVE-2026-40249](https://tridentstack.com/cve/badge/CVE-2026-40249.svg)](https://tridentstack.com/cve/CVE-2026-40249)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-40249"><img src="https://tridentstack.com/cve/badge/CVE-2026-40249.svg" alt="CVE-2026-40249"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-04-21.