


Perceptive Security
SOC/SIEM Consultancy

free5GC UDR is the Policy Control Function (PCF) for free5GC, an open-source project for 5th generation (5G) mobile core networks. A memory leak vulnerabilit…
Published: 21 April 2026 at 22:00:00
Alert date: 22 April 2026 at 22:11:22
Source: nvd.nist.gov
Mobile & IoT, Network Infrastructure, Critical Infrastructure
A memory leak vulnerability in free5GC UDR Policy Control Function (PCF) versions prior to 1.4.3 allows unauthenticated attackers with network access to cause uncontrolled memory growth. The vulnerability is triggered by sending repeated HTTP requests to the OAM endpoint, which registers new CORS middleware on every request due to improper router.Use() call placement. This leads to progressive memory exhaustion and denial of service, preventing user equipment from obtaining AM and SM policies and blocking 5G session establishment. The issue affects the PCF SBI interface and has been patched in version 1.4.3.
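The bug class described above, as an added example that is not free5GC's code: a simplified model of per-request middleware registration next to the register-once form. The Router type, the handler names and the /oam path are hypothetical stand-ins built on the Go standard library only.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Middleware and Router are a hypothetical stand-in for a web framework engine.
type Middleware func(http.Handler) http.Handler

type Router struct{ chain []Middleware }

// Use appends to the router-wide chain; nothing ever removes an entry.
func (r *Router) Use(m Middleware) { r.chain = append(r.chain, m) }

func cors(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
		w.Header().Set("Access-Control-Allow-Origin", "*")
		next.ServeHTTP(w, req)
	})
}

// leakyOAM calls Use inside the handler: one new chain entry per request.
func leakyOAM(r *Router) http.HandlerFunc {
	return func(w http.ResponseWriter, _ *http.Request) {
		r.Use(cors)
		w.WriteHeader(http.StatusOK)
	}
}

// fixedOAM registers CORS once at setup; the handler never touches the chain.
func fixedOAM(r *Router) http.HandlerFunc {
	r.Use(cors)
	return func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }
}

// ChainLenAfter serves n constructed requests and returns the chain length.
func ChainLenAfter(n int, build func(*Router) http.HandlerFunc) int {
	r := &Router{}
	handler := build(r)
	for i := 0; i < n; i++ {
		handler(httptest.NewRecorder(), httptest.NewRequest("GET", "/oam", nil))
	}
	return len(r.chain)
}

func main() {
	fmt.Println("leaky:", ChainLenAfter(1000, leakyOAM), "fixed:", ChainLenAfter(1000, fixedOAM))
}
```

In the leaky form the chain length equals the request count, so memory use tracks traffic to that route rather than staying constant; in the fixed form it stays at one entry regardless of load.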
Affected products:
free5GC
free5GC UDR
free5GC PCF
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-41135
https://github.com/free5gc/free5gc/security/advisories/GHSA-98cp-84m9-q3qp
https://github.com/free5gc/pcf/commit/599803b1b2eb4611e26d5216481ee142bce71a16
This article was created with the assistance of AI technology by Perceptive.
