CNNVD-202601-4010 Information

CNNVD ID

CNNVD-202601-4010

Related CVE

CVE-2025-66719

• CNNVD Published: 2026-01-23

Description (Chinese)

nrf是free5GC开源的一个网络存储库功能模块。 nrf 1.4.0版本存在安全漏洞，该漏洞源于AccessTokenScopeCheck函数在使用特制targetNF值时绕过所有范围验证，可能导致获取任意范围的访问令牌。

Description (English)

nrf is a functional module of a network repository at free5GC open source. Version 1.4.0 contains a security loophole, which originates from the AccessTokenScopeCheck function, which circumvents all ranges when using a specially designed targetNF, which may result in obtaining an arbitrary range of access badges.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

free5GC

Published

2026-01-23

Last Modified

2026-02-24

References

https://github.com/free5gc/free5gc/issues/736 https://github.com/free5gc/nrf/pull/73 https://access.redhat.com/security/cve/cve-2025-66719

Patch

https://github.com/free5gc/nrf/releases