CVE-2026-44316
high
CVSS v3
7.5
CVSS v2
—
VIR risk
7.5
Description
free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/OpenAPI 404 via nil pointer dereference
Predictions
Exploit likelihood
83%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/free5gc/pcf | <1.4.2 | 1.4.2 |
| GO | github.com/free5gc/pcf | < 1.4.2 | 1.4.2 |
References
- https://github.com/free5gc/free5gc/security/advisories/GHSA-wr8j-6chw-gm6p
- https://github.com/free5gc/free5gc/issues/803
- https://github.com/free5gc/pcf/pull/62
- https://github.com/free5gc/pcf/commit/df535f5524314620715e842baf9723efbeb481a7
- https://github.com/free5gc/free5gc
- https://github.com/advisories/GHSA-wr8j-6chw-gm6p
CWEs
CWE-476 CWE-754
Verify integrity in audit chain (admin only). AS-IS.