CVE-2026-40343: free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPost allows unintended subscription creation

April 21, 2026 (updated April 24, 2026)

A fail-open request handling flaw in the UDR service causes the /nudr-dr/v2/policy-data/subs-to-notify POST handler to continue processing requests even after request body retrieval or deserialization errors.

This may allow unintended creation of Policy Data notification subscriptions with invalid, empty, or partially processed input, depending on downstream processor behavior.

References

github.com/advisories/GHSA-jwch-w7wh-gqjm
github.com/free5gc/free5gc
github.com/free5gc/free5gc/security/advisories/GHSA-jwch-w7wh-gqjm
nvd.nist.gov/vuln/detail/CVE-2026-40343

Code Behaviors & Features

Detect and mitigate CVE-2026-40343 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →