{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5360", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-01T17:16:17.906Z", "datePublished": "2026-04-02T17:00:19.072Z", "dateUpdated": "2026-04-03T19:59:25.061Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-02T17:00:19.072Z"}, "title": "Free5GC aper type confusion", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-843", "lang": "en", "description": "Type Confusion"}]}], "affected": [{"vendor": "n/a", "product": "Free5GC", "versions": [{"version": "4.2.0", "status": "affected"}], "cpes": ["cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*"], "modules": ["aper"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 26205eb01705754b7b902ad6c4b613c96c881e29. It is best practice to apply a patch to resolve this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-04-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-01T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-01T19:21:22.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "shovon0203 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/354735", "name": "VDB-354735 | Free5GC aper type confusion", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/354735/cti", "name": "VDB-354735 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/781573", "name": "Submit #781573 | Linux Foundation free5GC 4.2.0 Type Confusion", "tags": ["third-party-advisory"]}, {"url": "https://github.com/free5gc/free5gc/issues/831", "tags": ["issue-tracking"]}, {"url": "https://github.com/free5gc/aper/pull/11", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/free5gc/free5gc/issues/831#issue-3996453112", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/free5gc/aper/commit/26205eb01705754b7b902ad6c4b613c96c881e29", "tags": ["patch"]}, {"url": "https://github.com/free5gc/free5gc/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T19:59:15.436297Z", "id": "CVE-2026-5360", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T19:59:25.061Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5360", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T19:59:15.436297Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T19:59:20.498Z"}}], "cna": {"tags": ["x_open-source"], "title": "Free5GC aper type confusion", "credits": [{"lang": "en", "type": "reporter", "value": "shovon0203 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*"], "vendor": "n/a", "modules": ["aper"], "product": "Free5GC", "versions": [{"status": "affected", "version": "4.2.0"}]}], "timeline": [{"lang": "en", "time": "2026-04-01T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-01T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-01T19:21:22.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/354735", "name": "VDB-354735 | Free5GC aper type confusion", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/354735/cti", "name": "VDB-354735 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/781573", "name": "Submit #781573 | Linux Foundation free5GC 4.2.0 Type Confusion", "tags": ["third-party-advisory"]}, {"url": "https://github.com/free5gc/free5gc/issues/831", "tags": ["issue-tracking"]}, {"url": "https://github.com/free5gc/aper/pull/11", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/free5gc/free5gc/issues/831#issue-3996453112", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/free5gc/aper/commit/26205eb01705754b7b902ad6c4b613c96c881e29", "tags": ["patch"]}, {"url": "https://github.com/free5gc/free5gc/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 26205eb01705754b7b902ad6c4b613c96c881e29. It is best practice to apply a patch to resolve this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-843", "description": "Type Confusion"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-02T17:00:19.072Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5360", "state": "PUBLISHED", "dateUpdated": "2026-04-03T19:59:25.061Z", "dateReserved": "2026-04-01T17:16:17.906Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-02T17:00:19.072Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 26205eb01705754b7b902ad6c4b613c96c881e29. It is best practice to apply a patch to resolve this issue."}], "id": "CVE-2026-5360", "lastModified": "2026-04-03T16:10:23.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-02T17:16:32.733", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/free5gc/aper/commit/26205eb01705754b7b902ad6c4b613c96c881e29"}, {"source": "cna@vuldb.com", "url": "https://github.com/free5gc/aper/pull/11"}, {"source": "cna@vuldb.com", "url": "https://github.com/free5gc/free5gc/"}, {"source": "cna@vuldb.com", "url": "https://github.com/free5gc/free5gc/issues/831"}, {"source": "cna@vuldb.com", "url": "https://github.com/free5gc/free5gc/issues/831#issue-3996453112"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/781573"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354735"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/354735/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "4.2.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Free5GC", "source": "cna", "vendor": "n/a"}, "product": "free5gc", "vendor": "free5gc"}], "analysis": {"en": {"generated_at": "2026-04-02T22:57:01.458797+00:00", "value": {"mitigation_remediation": ["Apply the patch corresponding to commit 26205eb01705754b7b902ad6c4b613c96c881e29 to address the type confusion in the aper component of Free5GC.", "Upgrade to a Free5GC version that includes the patch if newer releases are available.", "Verify that your deployment is no longer using the vulnerable 4.2.0 release, and if applicable, restart affected services.", "Monitor security advisories for the Free5GC community for any updates or additional mitigations."], "summary": {"action": "Immediate Patch", "impact": "Remote code execution"}, "threat_synthesis": {"affected_systems": "The affected vendor is Free5GC; the product is Free5GC, and the vulnerable version is 4.2.0. No other versions are listed as affected.", "description_and_impact": "The vulnerability is a type confusion flaw in the aper component of Free5GC 4.2.0. Attackers can manipulate inputs to trigger incorrect type handling, potentially leading to memory corruption or arbitrary code execution. The flaw is considered remote, with high complexity and difficult exploitability. The public disclosure indicates that the issue is known and the patch is available.", "risk_and_exploitability": "The CVSS score of 6.3 places the vulnerability in the medium severity range. Exploitability is described as difficult, and the EPSS score is not available, so the precise likelihood of exploitation is unknown. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed exploit at the time of reporting. Nonetheless, the possibility of remote exploitation warrants timely remediation."}}}}, "created": "2026-04-03T07:32:28.178329+00:00", "updated": "2026-04-03T09:18:19.281541+00:00", "vendors": ["free5gc", "free5gc$PRODUCT$free5gc"]}