{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T14:17:34Z","timestamp":1771337854436,"version":"3.50.1"},"reference-count":21,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T00:00:00Z","timestamp":1771286400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"The rollout of 5G Standalone networks introduces unprecedented flexibility and performance through service-based architecture (SBA), virtualization, open APIs, and network slicing, while simultaneously expanding the attack surface across control, user, and cross-plane interfaces. This article provides a systematic, vulnerability-prioritized, selective characterization of the current state of weaknesses specific to the 5G control and user planes and transparent risk scoring. Using a PRISMA-aligned methodology, vulnerabilities are mapped explicitly to 3GPP network functions and interfaces (e.g., AMF, SMF, UPF; N2, N4, SBA APIs) and categorized by operational evidence level ranging from theoretical analysis to documented live-network exploitation. A normalized criticality scoring model integrates likelihood, impact, exploitability, and CVSS-derived severity. The analysis shows that control-plane signaling floods, PFCP misuse, and container escapes stand out as the most pressing risks. It also exposes how little attention has been given to securing the user plane and strengthening slice isolation. The paper wraps up with clear, evidence-based hardening priorities for each plane, along with research areas that matter for today\u2019s 5G networks and the shift toward 6G.<\/jats:p>","DOI":"10.3390\/jcp6010037","type":"journal-article","created":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T13:15:35Z","timestamp":1771334135000},"page":"37","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Investigating Security Vulnerabilities in 5G Control and User Planes: Attack Patterns and Protection Strategies"],"prefix":"10.3390","volume":"6","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1260-7227","authenticated-orcid":false,"given":"Samuel T.","family":"Aiello","sequence":"first","affiliation":[{"name":"Comcast Corporation, Comcast Center, 1701 JFK Boulevard, Philadelphia, PA 19103, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7680-9293","authenticated-orcid":false,"given":"Bhaskar P.","family":"Rimal","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Idaho, Moscow, ID 83844, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1241-2750","authenticated-orcid":false,"given":"Frederick T.","family":"Sheldon","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Idaho, Moscow, ID 83844, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1962-4847","authenticated-orcid":false,"given":"Yong","family":"Wang","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Idaho, Moscow, ID 83844, USA"}]}],"member":"1968","published-online":{"date-parts":[[2026,2,17]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Kumar, T., Partala, J., Nguyen, T., Agrawal, L., Mondal, A., Kumar, A., Ahmad, I., Peltonen, E., Pirttikangas, S., and Harjula, E. (2025). Secure Edge Intelligence in the 6G Era. Security and Privacy for 6G Massive IoT, John Wiley & Sons, Inc.","DOI":"10.1002\/9781119988007.ch2"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Kim, Y.-E., Kim, Y.-S., and Kim, H. (2022). Effective feature selection methods to detect IoT DDoS attack in 5G core network. Sensors, 22.","DOI":"10.3390\/s22103819"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"4698","DOI":"10.1109\/TNSM.2023.3264005","article-title":"VNF and CNF placement in 5G: Recent advances and future trends","volume":"20","author":"Attaoui","year":"2023","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"364","DOI":"10.52953\/ZRCK3746","article-title":"AI-driven Container Security Approaches for 5G and Beyond: A Survey","volume":"4","author":"Sever","year":"2023","journal-title":"ITU J. Future Evol. Technol."},{"key":"ref_5","unstructured":"Wen, H., Porras, P.A., Yegneswaran, V., Gehani, A., and Lin, Z. (March, January 26). 5G-Spector: An O-RAN Compliant Layer-3 Cellular Attack Detection Service. Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Cremers, C., and Dehnel-Wild, M. (2019, January 24\u201327). Component-based formal analysis of 5G-AKA: Channel assumptions and session confusion. Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA.","DOI":"10.14722\/ndss.2019.23394"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Borgaonkar, R., Hirschi, L., Park, S., and Shaik, A. (2025, October 10). New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols. Cryptology ePrint Archive. Available online: https:\/\/eprint.iacr.org\/2018\/1175.","DOI":"10.2478\/popets-2019-0039"},{"key":"ref_8","unstructured":"Bjerre, S.A., Kl\u00e6bel Blomsterberg, M.W., and Andersen, B. (November, January 30). 5G attacks and countermeasures. Proceedings of the 25th International Symposium on Wireless Personal Multimedia Communications (WPMC), Herning, Denmark."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3715001","article-title":"A Container Security Survey: Exploits, Attacks, and Defenses","volume":"57","author":"Jarkas","year":"2025","journal-title":"ACM Comput. Surv."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"192","DOI":"10.1109\/MCOM.2017.1600156CM","article-title":"Mobile Edge Computing Empowered Fiber-Wireless Access Networks in the 5G Era","volume":"55","author":"Rimal","year":"2017","journal-title":"IEEE Commun. Mag."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Nyangaresi, V.O., Abduljabbar, Z.A., and Abduljabbar, Z.A. (2021, January 20\u201322). Authentication and Key Agreement Protocol for Secure Traffic Signaling in 5G Networks. Proceedings of the 2021 IEEE 2nd International Conference on Signal, Control and Communication (SCC), Hammamet, Tunisia.","DOI":"10.1109\/SCC53769.2021.9768338"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"118401","DOI":"10.1016\/j.eswa.2022.118401","article-title":"Multi-Channel Man-in-the-Middle attacks against protected Wi-Fi networks: A state of the art review","volume":"210","author":"Thankappan","year":"2022","journal-title":"Expert Syst. Appl."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Salazar, Z., Nguyen, H.N., Mallouli, W., Cavalli, A.R., and Montes de Oca, E. (2021, January 17\u201320). 5greplay: A 5g network traffic fuzzer-application to attack injection. Proceedings of the 16th International Conference on Availability, Reliability and Security, Vienna, Austria.","DOI":"10.1145\/3465481.3470079"},{"key":"ref_14","unstructured":"Constantin, L. (2023, December 30). What You Need to Know About the RunC Container Escape Vulnerability. Available online: https:\/\/thenewstack.io\/what-you-need-to-know-about-the-runc-container-escape-vulnerability\/."},{"key":"ref_15","unstructured":"National Security Agency\/Central Security Service (2024, January 30). Potential Threats to 5G Network Slicing, Available online: https:\/\/www.nsa.gov\/Press-Room\/Press-Releases-Statements\/Press-Release-View\/Article\/3244745\/esf-members-nsa-and-cisa-provide-threat-assessment-best-practices-for-5g-networ\/."},{"key":"ref_16","unstructured":"Barriga, L., and Mattila, L. (2024, February 10). Cyber Threat Intelligence: Understanding Attack Patterns in Mobile Networks. Available online: https:\/\/www.ericsson.com\/en\/blog\/2022\/6\/cyber-threat-intelligence-mobile-networks."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"e4312","DOI":"10.1002\/ett.4312","article-title":"Validation of VANET message dissemination algorithms otherwise vulnerable to broadcast storms in urban contexts","volume":"32","author":"AlQahtani","year":"2021","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"124","DOI":"10.1186\/s13638-022-02204-5","article-title":"Threatening the 5G core via PFCP DoS attacks: The case of blocking UAV communications","volume":"2022","author":"Amponis","year":"2022","journal-title":"EURASIP J. Wirel. Commun. Netw."},{"key":"ref_19","unstructured":"Ito, H., Prasad, A.R., Arumugam, S., Yoshizawa, T., Lakshminarayanan, S., and Baskaran, S.B.M. (2019). Integrity Protection for User Plane Data in 5G Network. (World Intellectual Property Organization Patent WO2019159788A1)."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Pothumarti, R., Jain, K., and Krishnan, P. (2021). A lightweight authentication scheme for 5G mobile communications: A dynamic key approach. J. Ambient. Intell. Humaniz. Comput., 1\u201319.","DOI":"10.1007\/s12652-020-02857-4"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"2082","DOI":"10.1109\/TIFS.2023.3346696","article-title":"Secure Full Duplex Integrated Sensing and Communications","volume":"19","author":"Bazzi","year":"2024","journal-title":"IEEE Trans. Inf. Forensics Secur."}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/6\/1\/37\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T13:31:35Z","timestamp":1771335095000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/6\/1\/37"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,17]]},"references-count":21,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,2]]}},"alternative-id":["jcp6010037"],"URL":"https:\/\/doi.org\/10.3390\/jcp6010037","relation":{},"ISSN":["2624-800X"],"issn-type":[{"value":"2624-800X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,17]]}}}