CVE-2026-33063 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-33063 PUBLISHED CVSS 8.699999809265137 HIGH

free5GC is an open source 5G core network. free5GC AUSF prior to version 1.4.2 has is an Improper Null Check vulnerability leading to Denial of Service. All deployments of free5GC v4.0.1 using the AUSF UE authentication service (`/nausf-auth/v1/ue-authentications` endpoint) are affected. A remote attacker can cause the AUSF service to panic and crash by sending a crafted UE authentication request that triggers a nil interface conversion in the `GetSupiFromSuciSupiMap` function. This results in complete denial of service for the AUSF authentication service. The `GetSupiFromSuciSupiMap` function attempts to perform an interface conversion from `interface{}` to `*context.SuciSupiMap` without checking if the underlying value is nil. When `SuciSupiMap` is nil, the code panics with "interface conversion: interface {} is nil, not *context.SuciSupiMap". free5GC AUSF version 1.4.2 patches the issue. There is no direct workaround at the application level. The recommendation is to apply the provided patch or restrict access to the AUSF API to trusted sources only.

EPSS 0.18% · 39.9th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.18%

39.9th percentile

Affected Products

Vendor	Product	Versions
free5gc	free5gc	0, 0
free5gc	ausf	< 1.4.2, < 1.4.2
github.com	free5gc/ausf	0, 0

Timeline

Mar 18, 2026 CVE Published
Mar 19, 2026 Security Advisory
Mar 20, 2026 CVE Updated
Mar 20, 2026 EPSS Score
Mar 21, 2026 EPSS Score
Mar 22, 2026 EPSS Score
Mar 22, 2026 Coalition ESS Score
Mar 23, 2026 EPSS Score
Mar 24, 2026 EPSS Score
Mar 25, 2026 EPSS Score

References

Open in Interactive Console →