CVE-2026-27643 is a vulnerability classified under CWE-209 (Generation of Error Message Containing Sensitive Information) found in the free5GC project, an open-source 5G core network implementation. The issue resides in the UDR component, which manages user data repositories. Specifically, the NEF (Network Exposure Function) component leaks detailed parsing error messages when processing malformed input in the Nnef_PfdManagement service. For example, if an invalid character such as 'n' appears after a top-level JSON value, the error message returned to the client includes this internal parsing detail. This behavior can be exploited by remote attackers without authentication or user interaction to gather information about the internal workings and data formats of the service, aiding in service fingerprinting and reconnaissance. The vulnerability affects all free5GC UDR versions up to and including 1.4.1. The issue was addressed in a patch submitted as pull request 56 to the free5gc/udr repository. No direct application-level workarounds exist, making patching the primary remediation. The CVSS 4.0 base score is 6.6 (medium), reflecting the vulnerability's network attack vector, no required privileges or user interaction, and high impact on confidentiality due to information disclosure. There are no known exploits in the wild at this time.

The primary impact of CVE-2026-27643 is information disclosure that can aid attackers in fingerprinting the free5GC UDR service. By revealing internal parsing error details, attackers can better understand the data structures, input validation mechanisms, and potentially identify other weaknesses in the 5G core network implementation. This reconnaissance capability can facilitate subsequent targeted attacks, such as injection attacks or exploitation of other vulnerabilities. For organizations deploying free5GC in production 5G networks, this could lead to compromised confidentiality of subscriber data or disruption of network services if chained with other exploits. Although the vulnerability itself does not directly allow data modification or denial of service, the leakage of sensitive internal information increases the overall attack surface and risk profile of the 5G core infrastructure. Given the critical role of 5G networks in telecommunications, any compromise could have wide-reaching effects on service availability and privacy.

The definitive mitigation for CVE-2026-27643 is to apply the patch provided in free5gc/udr pull request 56, which removes or sanitizes the detailed error messages returned by the NEF component during parsing failures. Organizations should upgrade free5GC UDR to a version that includes this patch or backport the fix if maintaining older versions. Since there is no direct application-level workaround, network-level protections can help reduce exposure: restrict access to the Nnef_PfdManagement service to trusted management networks or VPNs, implement strict input validation and filtering at perimeter firewalls or API gateways, and monitor logs for repeated parsing errors that may indicate reconnaissance attempts. Additionally, security teams should conduct regular vulnerability assessments and penetration tests on 5G core components to detect similar information leakage issues. Employing runtime application self-protection (RASP) or web application firewalls (WAF) with custom rules to detect and block malformed requests targeting the NEF component can also help mitigate exploitation risk.