EXECUTIVE SUMMARY:
CVE-2026-41135 with a CVSS score of 7.5 is a Uncontrolled Resource Consumption (Memory Exhaustion) vulnerability in the free5GC PCF allowing any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The vulnerability is caused by a router.Use() call inside an HTTP handler registering a new CORS middleware on every incoming request, permanently growing the Gin router's handler chain and leading to progressive memory exhaustion and eventual Denial of Service of the PCF, preventing all UEs from obtaining AM and SM policies and blocking 5G session establishment. An attacker can exploit this vulnerability by launching a flood of HTTP requests to the OAM endpoint from any container on the same Docker network, requiring no authentication and privileges. This results in the attacker gaining the capability to cause a Denial of Service of the PCF, leading to a complete loss of 5G service for all subscribers served by the affected PCF instance. The business impact of this vulnerability is significant, as it can cause a complete loss of 5G service for all subscribers served by the affected PCF instance, preventing new UE registrations and PDU session establishment.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
CVE-2026-41135 with a CVSS score of 7.5 is a Uncontrolled Resource Consumption (Memory Exhaustion) vulnerability in the free5GC PCF allowing any unauthenticated attacker with network access to the PCF SBI interface to cause uncontrolled memory growth by sending repeated HTTP requests to the OAM endpoint. The vulnerability is caused by a router.Use() call inside an HTTP handler registering a new CORS middleware on every incoming request, permanently growing the Gin router's handler chain and leading to progressive memory exhaustion and eventual Denial of Service of the PCF, preventing all UEs from obtaining AM and SM policies and blocking 5G session establishment. An attacker can exploit this vulnerability by launching a flood of HTTP requests to the OAM endpoint from any container on the same Docker network, requiring no authentication and privileges. This results in the attacker gaining the capability to cause a Denial of Service of the PCF, leading to a complete loss of 5G service for all subscribers served by the affected PCF instance. The business impact of this vulnerability is significant, as it can cause a complete loss of 5G service for all subscribers served by the affected PCF instance, preventing new UE registrations and PDU session establishment.[emaillocker id="1283"]
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-98cp-84m9-q3qp