Loading
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/policy-data/subs-to-notify/{subsId} does not return after request body retrieval or deserialization errors. Although HTTP 500 or 400 error responses are sent, execution continues and the processor is invoked with a potentially uninitialized or partially initialized PolicyDataSubscription object. This fail-open behavior may allow unintended modification of existing Policy Data notification subscriptions with invalid or empty input, depending on downstream processor and storage behavior. A patched version was not available at the time of publication.
Use CWE-636, Free5gc vendor hub and Free5gc product page to widen CVE-2026-40249 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-40248, CVE-2026-40247 and CVE-2026-40246 for nearby disclosures in the same product family.