free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/appli…

CVE-2026-44322 affects free5GC, an open-source 5G core network implementation. The vulnerability exists in the NEF (Network Exposure Function) PATCH handler for PFD management endpoints. When UDR calls fail and specific error conditions occur, the handler attempts to read a nil pointer (problemDetails.Cause), causing a panic. The Gin framework converts this panic into an HTTP 500 error instead of proper error handling. This affects versions prior to 4.2.2 and has been fixed in that release. The vulnerability impacts error handling in 5G network management operations.