Nil-Pointer Dereference in free5GC's UDR Affects 5G Core Network Functionality
CVE-2026-44323

4.3 MEDIUM

Key Information:

Vendor: Free5gc

Status
Vendor
CVE Published: 27 May 2026

What is CVE-2026-44323?

The free5GC UDR component prior to version 4.2.2 contains a nil-pointer dereference vulnerability. The issue arises when an authenticated user attempts to delete subscription data but the relevant entry is missing. The UDR handler proceeds without validating that the entry exists, which leads to a panic and, consequently, an internal server error (HTTP 500). A single authenticated request can trigger the flaw when the necessary preconditions are met, and the vulnerable endpoint can be hit repeatedly. The vulnerability was resolved in version 4.2.2, which improves error handling and validates the entry before dereferencing pointers.
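The bug class described above, shown as an added example that is not free5GC's code: a delete handler that dereferences a missing entry next to one that checks existence first. The `subscription`, `store`, handler names and the `id` query parameter are hypothetical, and the `recover` in `status` stands in for a framework's recovery middleware.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// subscription and store are hypothetical stand-ins, not free5GC types.
type subscription struct{ callbackURI string }
type store map[string]*subscription

// deleteUnchecked uses the lookup result without checking that the entry exists.
func deleteUnchecked(s store) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		id := r.URL.Query().Get("id")
		sub := s[id]                                  // nil when the entry is missing
		w.Header().Set("X-Callback", sub.callbackURI) // nil-pointer dereference: panic
		delete(s, id)
		w.WriteHeader(http.StatusNoContent)
	}
}

// deleteChecked validates existence first and answers 404 for a missing entry.
func deleteChecked(s store) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		id := r.URL.Query().Get("id")
		if sub := s[id]; sub == nil {
			http.Error(w, "subscription not found", http.StatusNotFound)
			return
		}
		delete(s, id)
		w.WriteHeader(http.StatusNoContent)
	}
}

// status sends a DELETE for id and returns the status code a client would see.
func status(h http.HandlerFunc, id string) (code int) {
	rec := httptest.NewRecorder()
	defer func() {
		if recover() != nil {
			code = http.StatusInternalServerError // recovered panic surfaces as HTTP 500
		}
	}()
	h(rec, httptest.NewRequest(http.MethodDelete, "/subs?id="+id, nil))
	return rec.Code
}

func main() { fmt.Println(status(deleteUnchecked(store{}), "x"), status(deleteChecked(store{}), "x")) }
```

For detection, repeated HTTP 500 responses to DELETE requests on subscription resources that do not exist are the signal this pattern produces.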

Affected Version(s)

free5gc < 4.2.2

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved