top of page
perceptive_background_267k.jpg

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/appli…

Published:

26 May 2026 at 22:00:00

Alert date:

27 May 2026 at 20:13:41

Source:

nvd.nist.gov

Click to open the original link from this advisory

Network Infrastructure, Mobile & IoT

CVE-2026-44322 affects free5GC, an open-source 5G core network implementation. The vulnerability exists in the NEF (Network Exposure Function) PATCH handler for PFD management endpoints. When UDR calls fail and specific error conditions occur, the handler attempts to read a nil pointer (problemDetails.Cause), causing a panic. The Gin framework converts this panic into an HTTP 500 error instead of proper error handling. This affects versions prior to 4.2.2 and has been fixed in that release. The vulnerability impacts error handling in 5G network management operations.

Technical details

Mitigation steps:

Affected products:

free5GC

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-44322
https://github.com/free5gc/free5gc/issues/925
https://github.com/free5gc/free5gc/security/advisories/GHSA-j59f-x285-69jx
https://github.com/free5gc/nef/commit/72a47f3fab4dffbd227f8d92c5f69dca93b610cb
https://github.com/free5gc/nef/pull/22

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page