Perceptive Security
SOC/SIEM Consultancy
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/appli…
Published:
26 May 2026 at 22:00:00
Alert date:
27 May 2026 at 18:07:10
Source:
nvd.nist.gov
Network Infrastructure, Emerging Technologies
A vulnerability in free5GC, an open-source 5G core network implementation, causes a nil-pointer dereference panic in the NEF PATCH handler for PFD management. The issue occurs when upstream UDR calls fail and the consumer wrapper returns an error with nil ProblemDetails. The handler incorrectly attempts to read the Cause field from a nil pointer, causing a panic that results in HTTP 500 responses instead of proper error handling. This affects versions prior to 4.2.2 and has been fixed in the latest release.
Technical details
Mitigation steps:
Affected products:
free5GC
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-44322
https://github.com/free5gc/free5gc/issues/925
https://github.com/free5gc/free5gc/security/advisories/GHSA-j59f-x285-69jx
https://github.com/free5gc/nef/commit/72a47f3fab4dffbd227f8d92c5f69dca93b610cb
https://github.com/free5gc/nef/pull/22
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.