Cyber Posture

CVE-2026-44322

HighPublic PoC
Microsoft: not affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: affectedAppOther: not affectedOth

Published: 27 May 2026

Published
27 May 2026
Modified
28 May 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0005 15.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-44322 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Free5Gc Free5Gc. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 15.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

AU-5 Response to Audit Logging Process Failures
addresses: CWE-754

Requires detection and response to audit logging failures as an unusual or exceptional condition.

CP-12 Safe Mode
addresses: CWE-754

Implements detection of unusual or exceptional conditions followed by safe mode entry, reducing the window for exploitation of unchecked conditions.

CP-3 Contingency Training
addresses: CWE-754

Training ensures users perform required checks for unusual or exceptional conditions as part of contingency roles, limiting attacker leverage from skipped validations.

IR-3 Incident Response Testing
addresses: CWE-754

IR testing directly validates checks for unusual or exceptional conditions that could indicate security incidents.

PM-31 Continuous Monitoring Strategy
addresses: CWE-754

Requires ongoing monitoring of organization-defined metrics and analysis, enabling checks for unusual or exceptional conditions.

SA-11 Developer Testing and Evaluation
addresses: CWE-754

Security testing routinely checks for unusual or exceptional inputs/conditions, identifying missing validation steps that flaw remediation then resolves.

SC-24 Fail in Known State
addresses: CWE-754

Requires detection of unusual conditions followed by a controlled transition to the defined failure state.

SI-13 Predictable Failure Prevention
addresses: CWE-754

MTTF determination forces explicit checks for conditions that precede predictable component failure.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
attack.mitre.org →
Why these techniques?

Nil dereference triggers service panic/HTTP 500 on crafted PATCH, directly enabling application-layer DoS via exploitation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId} handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != nil together with a…

more

nil *ProblemDetails. The handler's errPfdData != nil branch builds its own problemDetailsErr correctly, but immediately after it reads problemDetails.Cause (the OTHER value, which is nil in this branch) and panics. Gin recovery converts the panic into HTTP 500, so a single PATCH against this endpoint returns 500 instead of the intended controlled error response whenever UDR access is failing. This vulnerability is fixed in 4.2.2.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-476CWE-754
OWASP Top 10 Web 2025
A10:2025

Affected Products

free5gc
free5gc
≤ 4.2.2

EU & UK References

References