Open Source 5G Core Network Vulnerability in free5GC by free5GC
CVE-2026-44316

7.5HIGH

Key Information:

Vendor: Free5gc
Status: Vendor
CVE Published: 27 May 2026

What is CVE-2026-44316?

The free5GC open-source implementation of the 5G core network contains a critical vulnerability in the way its PCF component handles POST requests. The /npcf-smpolicycontrol/v1/sm-policies handler performs a downstream UDR lookup; when that lookup fails with a 404 Not Found, the handler does not abort but continues and dereferences the nil response struct, which causes a panic and an HTTP 500 error. An attacker can trigger this failure with crafted POST requests, and the risk is amplified because in version 4.2.1 the vulnerable endpoint was reachable without authentication. The flaw has been fixed in version 4.2.2, which underlines the importance of regular updates and security assessments.
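The failure mode described above is a generic Go error-handling pattern: a client call returns a typed response together with a ProblemDetails for 4xx/5xx, the handler logs the problem but does not return, and then dereferences the nil response. The block below is an added illustration of that pattern and of the hardened form, written for this page and not taken from free5GC; the SMPolicyData type, lookupUDR, the in-memory UDR table and the SUPI values are all constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// SMPolicyData stands in for the subscriber policy record the PCF fetches
// from the UDR before creating an SM policy (hypothetical, simplified type).
type SMPolicyData struct {
	Dnn string
}

// ProblemDetails mirrors the RFC 7807-style error body that 5G SBI
// clients return on a 4xx/5xx response.
type ProblemDetails struct {
	Status int
	Title  string
}

// Constructed in-memory UDR: only one subscriber is provisioned.
var fakeUDR = map[string]*SMPolicyData{
	"imsi-208930000000001": {Dnn: "internet"},
}

// lookupUDR imitates the shape of a generated SBI client call: typed
// response, ProblemDetails for an application-level failure, transport error.
func lookupUDR(supi string) (*SMPolicyData, *ProblemDetails, error) {
	data, ok := fakeUDR[supi]
	if !ok {
		return nil, &ProblemDetails{Status: http.StatusNotFound, Title: "subscriber not found"}, nil
	}
	return data, nil, nil
}

// vulnerableCreate shows the pre-fix pattern: the 404 is logged, execution
// continues, and the nil response is dereferenced. The deferred recover
// stands in for the HTTP framework's panic recovery that turns the crash
// into a 500 response.
func vulnerableCreate(supi string) (status int, err error) {
	defer func() {
		if r := recover(); r != nil {
			status = http.StatusInternalServerError
			err = fmt.Errorf("panic while creating sm-policy: %v", r)
		}
	}()
	data, problem, callErr := lookupUDR(supi)
	if callErr != nil {
		return http.StatusInternalServerError, callErr
	}
	if problem != nil {
		// BUG: logs the problem but does not abort the request.
		fmt.Println("udr lookup failed:", problem.Title)
	}
	dnn := data.Dnn // nil pointer dereference when the UDR returned 404
	_ = dnn
	return http.StatusCreated, nil
}

// hardenedCreate returns on every failure path and never touches the
// response unless the call succeeded and the body is present.
func hardenedCreate(supi string) (int, error) {
	data, problem, callErr := lookupUDR(supi)
	if callErr != nil {
		return http.StatusInternalServerError, callErr
	}
	if problem != nil {
		// Propagate the downstream status instead of continuing.
		return problem.Status, errors.New(problem.Title)
	}
	if data == nil {
		// Defensive: a 2xx with an empty body must not reach the deref below.
		return http.StatusInternalServerError, errors.New("udr returned empty policy data")
	}
	dnn := data.Dnn
	_ = dnn
	return http.StatusCreated, nil
}

func main() {
	for _, supi := range []string{"imsi-208930000000001", "imsi-000000000000000"} {
		st, err := vulnerableCreate(supi)
		fmt.Printf("vulnerable %s -> %d %v\n", supi, st, err)
		st, err = hardenedCreate(supi)
		fmt.Printf("hardened   %s -> %d %v\n", supi, st, err)
	}
}
```

For defenders, the observable signature of the vulnerable path is a burst of HTTP 500 responses from the sm-policies endpoint paired with panic stack traces in the PCF logs, while the hardened path answers the same requests with the propagated 404; alerting on 500s from this endpoint is a cheap detection until the upgrade to 4.2.2 is in place.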

Affected Version(s)

free5gc < 4.2.2

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
