CVE-2026-44323
Description
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated request, after one preparatory authenticated EE-subscription create. The handler checks _, ok = UESubsData.EeSubscriptionCollection[subsId] and sets a 404 problem-details on the miss path, but then continues to UESubsData.EeSubscriptionCollection[subsId].AmfSubscriptionInfos -- dereferencing the same missing entry instead of returning. Gin recovery converts the panic into HTTP 500, but the endpoint remains repeatedly panicable. This vulnerability is fixed in 4.2.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/free5gc/udrGo | < 1.4.3 | 1.4.3 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/free5gc/udr/commit/8a1d3c63be99d378806d771f086ff32f1867da99nvdPatchWEB
- github.com/free5gc/udr/pull/60nvdIssue TrackingPatchWEB
- github.com/free5gc/free5gc/issues/919nvdExploitIssue TrackingWEB
- github.com/free5gc/free5gc/security/advisories/GHSA-4rqf-grm6-vf75nvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-4rqf-grm6-vf75ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-44323ghsaADVISORY
News mentions
1- Free5gc 4.2.2: 20 CVEs Land in Single Disclosure — Missing Auth, Panics, and Protocol FlawsVypr Intelligence · May 27, 2026