Ghostwire

CVE-2026-44317: free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer...

MEDIUM CVSS 6.5 Exploit Available

Published: May 8, 2026 | Last Modified: May 8, 2026

Description

free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 with missing AfRoutReq via nil pointer dereference

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References

github.com/free5gc/free5gc/security/advisories/GHSA-wwqh-7jm5-gj7w
github.com/free5gc/free5gc/issues/879
github.com/free5gc/pcf/pull/65
github.com/free5gc/pcf/commit/508d70b8527a6c8c923179dad450ea01e16b6aeb
github.com/advisories/GHSA-wwqh-7jm5-gj7w
www.tenable.com/cve/CVE-2026-44317
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-44317