free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler (HandleCreateSm…

CVE-2026-44316 affects free5GC, an open-source 5G core network implementation. Prior to version 4.2.2, the PCF POST handler panics with nil-pointer dereference when downstream UDR lookup returns 404 Not Found. The handler continues executing instead of returning, then dereferences the nil response struct causing panic. In version 4.2.1, the endpoint is reachable without Authorization header due to missing auth middleware. A single malicious POST request can trigger HTTP 500 response instead of proper 4xx error. The vulnerability is fixed in version 4.2.2.