{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-5661","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-04-06T07:48:14.498Z","datePublished":"2026-04-06T14:08:19.647Z","dateUpdated":"2026-04-06T14:55:09.634Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-04-06T14:08:19.647Z"},"title":"Free5GC NGSetupRequest denial of service","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-404","lang":"en","description":"Denial of Service"}]}],"affected":[{"vendor":"n/a","product":"Free5GC","versions":[{"version":"4.2.0","status":"affected"}],"cpes":["cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*"],"modules":["NGSetupRequest Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit is publicly available and might be used."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":5.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":5.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5,"vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-04-06T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-04-06T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-04-06T09:53:20.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"shovon0203 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/vuln/355485","name":"VDB-355485 | Free5GC NGSetupRequest denial of service","tags":["vdb-entry"]},{"url":"https://vuldb.com/vuln/355485/cti","name":"VDB-355485 | CTI Indicators (IOB, IOC, TTP)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/submit/785896","name":"Submit #785896 | Linux Foundation free5GC 4.2.0 State Synchronization Error","tags":["third-party-advisory"]},{"url":"https://github.com/free5gc/free5gc/issues/832","tags":["issue-tracking"]},{"url":"https://github.com/free5gc/amf/pull/201","tags":["issue-tracking","patch"]},{"url":"https://github.com/user-attachments/files/25581199/amfcfg.yaml","tags":["exploit"]},{"url":"https://github.com/free5gc/free5gc/","tags":["product"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-06T14:53:51.067978Z","id":"CVE-2026-5661","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-06T14:55:09.634Z"}}]}}