CVE-2026-40343: CVE-2026-40343: Fail-Open Request Handling in free5GC UDR Policy Data Subscription

CVE-2026-40343: Fail-Open Request Handling in free5GC UDR Policy Data Subscription Vulnerability ID: CVE-2026-40343 CVSS Score: 6.9 Published: 2026-04-21 A fail-open request handling vulnerability in the free5GC UDR service up to version 1.4.2 allows attackers to create invalid or unintended Policy Data notification subscriptions. The application fails to terminate execution upon encountering HTTP body retrieval or JSON deserialization errors, proceeding to process uninitialized data. TL;DR free