Approved changes feed: RSS · Atom
cpe:2.3:a:free5gc:nrf:1.4.0:*:*:*:*:*:*:*
part: a version: 1.4.0 update: *
| Vendor | Free5Gc (77fcf67d-849c-57a8-9f49-9d3927749b22) |
|---|---|
| Product | Nrf (8ffd58f0-e7eb-5434-86d4-5d2becb371cd) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/free5gc/nrf |
purl2cpe | 2026-06-01 10:14:56.546680 |
pkg:golang/github.com/free5gc/nrf |
purl2cpe | 2026-06-01 10:14:56.546681 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-66719 |
vulnerable | 2026-06-08 07:41:19.470736 |
Details available
An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck() function in file internal/sbi/processor/access_token.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access token with any arbitrary scope.
Published: 2026-01-23T00:00:00.000Z
Updated: 2026-01-23T19:24:55.108Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.