NVD Vulnerability Details: CVE-2026-44316
Undergoing Analysis
Source: security-advisories@github.com
Published At: 27 May, 2026 | 17:16
Updated At: 27 May, 2026 | 19:51

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler (HandleCreateSmPolicyRequest) panics with a nil-pointer dereference when a downstream OpenAPI consumer call (UDR lookup) returns 404 Not Found and the consumer wrapper returns err != nil together with a nil response struct. The handler logs the OpenAPI error and continues executing instead of returning, then dereferences the nil response struct on a subsequent line and panics. Gin recovery converts the panic into HTTP 500, so a single attacker-shaped POST returns 500 instead of a clean 4xx whenever the downstream lookup fails. The PCF process keeps running. The trigger is a single POST containing input that causes the downstream UDR lookup to fail (e.g. an unknown DNN). In 4.2.1 this endpoint is also reachable WITHOUT an Authorization header because the PCF Npcf_SMPolicyControl route group is mounted without inbound auth middleware. This vulnerability is fixed in 4.2.2.
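The log-and-continue pattern described above, next to a handler that returns early, as an added example that is not free5GC's code. All names are hypothetical, a plain `recover` wrapper stands in for Gin's recovery middleware, and 404 is an assumed choice for the "clean 4xx".

```go
package main

import (
	"errors"
	"log"
	"net/http"
)

type smPolicyData struct{ Dnn string } // hypothetical stand-in for the UDR response

// lookupUDR models the consumer wrapper: a failed lookup yields (nil, err).
func lookupUDR(dnn string) (*smPolicyData, error) {
	if dnn != "internet" { // constructed: only this DNN is provisioned
		return nil, errors.New("404 Not Found")
	}
	return &smPolicyData{Dnn: dnn}, nil
}

// createVulnerable logs the lookup error, keeps executing, then dereferences nil.
func createVulnerable(dnn string) int {
	resp, err := lookupUDR(dnn)
	if err != nil {
		log.Printf("UDR lookup failed: %v", err) // no return here
	}
	log.Printf("creating policy for DNN %s", resp.Dnn) // panics when resp == nil
	return http.StatusCreated
}

// createFixed stops on error and also guards the nil response (CWE-754, CWE-476).
func createFixed(dnn string) int {
	resp, err := lookupUDR(dnn)
	if err != nil || resp == nil {
		return http.StatusNotFound // assumed status, any clean 4xx fits
	}
	log.Printf("creating policy for DNN %s", resp.Dnn)
	return http.StatusCreated
}

// withRecovery mimics a recovery middleware: a handler panic becomes HTTP 500.
func withRecovery(h func(string) int, dnn string) (status int) {
	defer func() {
		if recover() != nil {
			status = http.StatusInternalServerError
		}
	}()
	return h(dnn)
}

func main() { log.Println(withRecovery(createVulnerable, "x"), withRecovery(createFixed, "x")) }
```
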

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

Weaknesses
CWE ID: CWE-476
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-754
Type: Secondary
Source: security-advisories@github.com
References
Hyperlink: https://github.com/free5gc/free5gc/issues/803
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/free5gc/free5gc/security/advisories/GHSA-wr8j-6chw-gm6p
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/free5gc/pcf/commit/df535f5524314620715e842baf9723efbeb481a7
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/free5gc/pcf/pull/62
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/free5gc/free5gc/issues/803
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A
Change History
0 changes found