CVE-2026-44322

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2

Description The Network Exposure Function (NEF) in free5GC contains a nil-pointer dereference issue within the PatchIndividualApplicationPFDManagement() function. This occurs when a PATCH request is sent to the endpoint "/3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId}" while the upstream Unified Data Repository (UDR) call fails and the consumer wrapper returns an error with a nil *ProblemDetails object. In this specific error branch, the handler attempts to read problemDetails.Cause despite problemDetails being nil, leading to a runtime panic. The Gin recovery mechanism converts this panic into an HTTP 500 Internal Server Error. This issue can be triggered without an Authorization header as the route group is mounted without inbound authentication middleware.

Recommendations Update to version 4.2.2. As a temporary workaround, restrict access to the "/3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId}" endpoint to minimize the risk of exploitation.