Ghostwire

CVE-2026-44323: free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

MEDIUM CVSS 4.3 Exploit Available

Published: May 8, 2026 | Last Modified: May 8, 2026

Description

free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE state exists (nil pointer dereference)

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References

github.com/free5gc/free5gc/security/advisories/GHSA-4rqf-grm6-vf75
github.com/free5gc/free5gc/issues/919
github.com/free5gc/udr/pull/60
github.com/free5gc/udr/commit/8a1d3c63be99d378806d771f086ff32f1867da99
github.com/advisories/GHSA-4rqf-grm6-vf75
www.tenable.com/cve/CVE-2026-44323
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-44323