Is github.com/free5gc/amf affected by CVE-2026-41136?

Go github.com/free5gc/amf is affected in <=1.4.3.

Is CVE-2026-41136 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

medium

CVE-2026-41136

Q: Is CVE-2026-41136 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

Go · github.com/free5gc/amf

Summary

free5GC AMF: Missing default case in Content-Type switch in HTTPUEContextTransfer

Severity: medium
EPSS: 0.3% (p20)
Also known as: GHSA-r99v-75p9-xqm5
Published: 2026-04-22

References

https://github.com/free5gc/free5gc/security/advisories/GHSA-r99v-75p9-xqm5
https://nvd.nist.gov/vuln/detail/CVE-2026-41136
https://github.com/free5gc/amf/releases/tag/v1.4.3

Related advisories

CVE-2026-42081 — medium · Go/github.com/free5gc/amf
CVE-2026-4531 — medium · Go/github.com/free5gc/amf

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.