PatchSiren cyber security CVE debrief
CVE-2026-42082 free5gc CVE debrief
A vulnerability in free5GC's Access and Mobility Management Function (AMF) prior to version 4.2.2 allows security context mismatches between the network and User Equipment (UE). The AMF fails to enforce concurrent security procedure rules from 3GPP TS 33.501 §6.9.5.1, specifically not checking for ongoing N2 handover procedures before initiating NAS Security Mode Command, and vice versa. This can result in desynchronized NAS and AS security contexts. The issue was published on 2026-05-27 and affects free5GC versions before 4.2.2. The vulnerability is classified as LOW severity with a CVSS score of 3.7.
- Vendor: free5gc
- Product: Unknown
- CVSS: LOW 3.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-27
- Original CVE updated: 2026-05-27
- Advisory published: 2026-05-27
- Advisory updated: 2026-05-27
Who should care
Telecommunications operators deploying free5GC-based 5G core networks, mobile network security engineers, and organizations responsible for 5G infrastructure security governance should prioritize this advisory. The vulnerability specifically affects environments where N2 handover procedures and NAS security operations may overlap, potentially impacting subscriber authentication and session integrity.
Technical summary
The free5GC AMF component prior to version 4.2.2 contains a logic flaw in its handling of concurrent security procedures. Specifically, the AMF does not verify whether an N2 handover procedure is in progress before initiating a NAS Security Mode Command, and conversely does not check for an ongoing NAS security procedure before handling an N2 handover. This violates the concurrent security procedure rules defined in 3GPP TS 33.501 section 6.9.5.1, which exist to prevent race conditions that leave the network and the UE holding mismatched security contexts. The vulnerability could allow an attacker with adjacent network access and low privileges to cause integrity and availability impacts through security context desynchronization. The attack is rated high complexity because it depends on timing between the two procedures. The issue is resolved in free5GC version 4.2.2.
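To make the missing check concrete, the following Go snippet (an added illustration written for this debrief, not free5GC's own code) shows the per-UE guard that §6.9.5.1 calls for: the AMF records which security-relevant procedure is running for a UE and refuses to start a NAS Security Mode Command while an N2 handover is in progress, and vice versa. The type and function names (UEContext, StartSecurityModeCommand, StartN2Handover, Complete) and the sample SUPI are assumptions for the example only.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// Procedure identifies a security-relevant procedure the AMF may be running
// for one UE. The names are hypothetical and are not free5GC's own types.
type Procedure int

const (
	ProcNone Procedure = iota
	ProcNASSecurityModeCommand
	ProcN2Handover
)

func (p Procedure) String() string {
	switch p {
	case ProcNASSecurityModeCommand:
		return "NAS Security Mode Command"
	case ProcN2Handover:
		return "N2 handover"
	default:
		return "none"
	}
}

// ErrProcedureInProgress is returned when a procedure would overlap with one
// already running for the same UE.
var ErrProcedureInProgress = errors.New("concurrent security procedure in progress")

// UEContext holds only the per-UE state needed to enforce the concurrency rule.
type UEContext struct {
	mu      sync.Mutex
	supi    string
	ongoing Procedure
}

func NewUEContext(supi string) *UEContext { return &UEContext{supi: supi} }

// begin atomically checks for an ongoing procedure and, if there is none,
// records p as the running one. This is the check the advisory describes as
// missing: SMC must not start during a handover, and a handover must not
// start during an SMC.
func (ue *UEContext) begin(p Procedure) error {
	ue.mu.Lock()
	defer ue.mu.Unlock()
	if ue.ongoing != ProcNone {
		return fmt.Errorf("%w: cannot start %s for %s while %s is running",
			ErrProcedureInProgress, p, ue.supi, ue.ongoing)
	}
	ue.ongoing = p
	return nil
}

// Complete clears the running procedure once it has finished, successfully
// or not, so the next one may start. Completing a procedure that is not the
// running one is a no-op.
func (ue *UEContext) Complete(p Procedure) {
	ue.mu.Lock()
	defer ue.mu.Unlock()
	if ue.ongoing == p {
		ue.ongoing = ProcNone
	}
}

// StartSecurityModeCommand is the guard before the AMF sends a NAS SMC.
func (ue *UEContext) StartSecurityModeCommand() error {
	return ue.begin(ProcNASSecurityModeCommand)
}

// StartN2Handover is the guard before the AMF processes an N2 handover.
func (ue *UEContext) StartN2Handover() error {
	return ue.begin(ProcN2Handover)
}

// Ongoing reports which procedure, if any, is currently running for the UE.
func (ue *UEContext) Ongoing() Procedure {
	ue.mu.Lock()
	defer ue.mu.Unlock()
	return ue.ongoing
}

func main() {
	ue := NewUEContext("imsi-208930000000001") // constructed sample SUPI
	fmt.Println("handover:", ue.StartN2Handover())
	fmt.Println("SMC during handover:", ue.StartSecurityModeCommand())
	ue.Complete(ProcN2Handover)
	fmt.Println("SMC after handover:", ue.StartSecurityModeCommand())
	fmt.Println("handover during SMC:", ue.StartN2Handover())
}
```

The point of the mutex is that the check and the state update happen as one step; checking a flag and then setting it in two separate calls would leave the same race window the advisory describes. Which procedure wins a collision (reject the newcomer, as here, or abort the running one) is a design choice; what matters is that the two never run at the same time for one UE.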
Defensive priority
LOW
Recommended defensive actions
- Upgrade free5GC to version 4.2.2 or later to address the security context synchronization issue.
- Review AMF configurations to ensure proper enforcement of concurrent security procedures per 3GPP TS 33.501 §6.9.5.1.
- Monitor for anomalous NAS signaling patterns that may indicate attempted exploitation of security context mismatches.
- Validate that N2 handover procedures and NAS Security Mode Command operations are properly sequenced in operational deployments.
Evidence notes
The vulnerability description is sourced from the official CVE record and NVD entry. The fix version 4.2.2 is confirmed in the security advisory. The CVSS vector indicates attack complexity is high (AC:H), privileges required are low (PR:L), and the attack vector is adjacent network (AV:A).
Official resources
- CVE-2026-42082 CVE record (CVE.org)
- CVE-2026-42082 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: The vulnerability was disclosed via GitHub Security Advisory GHSA-vrrx-58h3-prmh and published in the NVD on 2026-05-27. The issue was identified as CWE-358 (Improperly Implemented Security Check for Standard).