{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4531", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-21T07:47:21.184Z", "datePublished": "2026-03-22T01:32:11.642Z", "dateUpdated": "2026-03-23T15:34:56.907Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-22T01:32:11.642Z"}, "title": "Free5GC AMF handler.go HandleRegistrationComplete denial of service", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "Free5GC", "versions": [{"version": "4.1.0", "status": "affected"}], "cpes": ["cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*"], "modules": ["AMF"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed from remote. This patch is called 52e9386401ce56ea773c5aa587d4cdf7d53da799. It is best practice to apply a patch to resolve this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"}}], "timeline": [{"time": "2026-03-21T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-21T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-21T08:52:25.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "shovon0203 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.352319", "name": "VDB-352319 | Free5GC AMF handler.go HandleRegistrationComplete denial of service", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352319", "name": "VDB-352319 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.774073", "name": "Submit #774073 | Linux Foundation free5GC 4.1.0 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://github.com/free5gc/free5gc/issues/792", "tags": ["issue-tracking"]}, {"url": "https://github.com/free5gc/amf/pull/198", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/free5gc/amf/commit/52e9386401ce56ea773c5aa587d4cdf7d53da799", "tags": ["patch"]}, {"url": "https://github.com/free5gc/free5gc/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"references": [{"url": "https://github.com/free5gc/free5gc/issues/792", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T15:34:51.047653Z", "id": "CVE-2026-4531", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:34:56.907Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4531", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T15:34:51.047653Z"}}}], "references": [{"url": "https://github.com/free5gc/free5gc/issues/792", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T15:34:42.697Z"}}], "cna": {"tags": ["x_open-source"], "title": "Free5GC AMF handler.go HandleRegistrationComplete denial of service", "credits": [{"lang": "en", "type": "reporter", "value": "shovon0203 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*"], "vendor": "n/a", "modules": ["AMF"], "product": "Free5GC", "versions": [{"status": "affected", "version": "4.1.0"}]}], "timeline": [{"lang": "en", "time": "2026-03-21T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-21T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-21T08:52:25.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.352319", "name": "VDB-352319 | Free5GC AMF handler.go HandleRegistrationComplete denial of service", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.352319", "name": "VDB-352319 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.774073", "name": "Submit #774073 | Linux Foundation free5GC 4.1.0 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://github.com/free5gc/free5gc/issues/792", "tags": ["issue-tracking"]}, {"url": "https://github.com/free5gc/amf/pull/198", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/free5gc/amf/commit/52e9386401ce56ea773c5aa587d4cdf7d53da799", "tags": ["patch"]}, {"url": "https://github.com/free5gc/free5gc/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed from remote. This patch is called 52e9386401ce56ea773c5aa587d4cdf7d53da799. It is best practice to apply a patch to resolve this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-22T01:32:11.642Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4531", "state": "PUBLISHED", "dateUpdated": "2026-03-23T15:34:56.907Z", "dateReserved": "2026-03-21T07:47:21.184Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-22T01:32:11.642Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Free5GC 4.1.0. Affected is the function HandleRegistrationComplete of the file internal/gmm/handler.go of the component AMF. Executing a manipulation can lead to denial of service. The attack may be performed from remote. This patch is called 52e9386401ce56ea773c5aa587d4cdf7d53da799. It is best practice to apply a patch to resolve this issue."}, {"lang": "es", "value": "Se ha identificado una debilidad en Free5GC 4.1.0. Afecta a la funci\u00f3n HandleRegistrationComplete del archivo internal/gmm/handler.go del componente AMF. La ejecuci\u00f3n de una manipulaci\u00f3n puede conducir a denegaci\u00f3n de servicio. El ataque puede realizarse de forma remota. Este parche se llama 52e9386401ce56ea773c5aa587d4cdf7d53da799. Es una buena pr\u00e1ctica aplicar un parche para resolver este problema."}], "id": "CVE-2026-4531", "lastModified": "2026-04-24T16:32:53.997", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-22T02:15:59.270", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/free5gc/amf/commit/52e9386401ce56ea773c5aa587d4cdf7d53da799"}, {"source": "cna@vuldb.com", "url": "https://github.com/free5gc/amf/pull/198"}, {"source": "cna@vuldb.com", "url": "https://github.com/free5gc/free5gc/"}, {"source": "cna@vuldb.com", "url": "https://github.com/free5gc/free5gc/issues/792"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.352319"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.352319"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.774073"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/free5gc/free5gc/issues/792"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.1.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Free5GC", "source": "cna", "vendor": "n/a"}, "product": "free5gc", "vendor": "free5gc"}], "analysis": {"en": {"generated_at": "2026-03-22T02:21:09.681178+00:00", "value": {"mitigation_remediation": ["Apply the patch referenced in commit 52e9386401ce56ea773c5aa587d4cdf7d53da799 to the AMF component", "Upgrade to the latest Free5GC release, ensuring it contains the AMF mitigation", "Verify that the AMF service processes registration requests normally after the patch", "Monitor AMF logs for any repeated registration requests that could indicate an attempt to trigger a denial of service"], "summary": {"action": "Patch Now", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The CVE targets the Free5GC open\u2011source network function suite, specifically the AMF (Access and Mobility Management Function). The vulnerable code appears only in release 4.1.0. Systems running this exact version are at risk; later releases should be examined for the patch but are not explicitly listed as affected by this report.", "description_and_impact": "The identified weakness resides in the HandleRegistrationComplete function within the AMF component of Free5GC version 4.1.0. A crafted request can trigger a denial of service, causing the AMF to stop responding to additional registration requests. This behavior is classified under CWE-404: Unhandled Resource Conflict. The vulnerability allows a remote attacker to disrupt service availability for the affected network functions.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a medium severity impact with remote exploitation potential. EPSS is not available, so the exploitation probability cannot be quantified. The vulnerability is not recorded in CISA\u2019s KEV catalogue, implying no widespread public exploits are currently documented. Nevertheless, because the attack can be launched remotely and may cause service interruptions, administrators should consider the risk high enough to prioritize remediation."}}}}, "created": "2026-03-23T09:46:49.080717+00:00", "updated": "2026-03-25T14:46:49.501170+00:00", "vendors": ["free5gc", "free5gc$PRODUCT$free5gc"]}