Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-44324

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler panics on a single authenticated request against a fresh UDR instance when the supplied ueId does not exist in UESubsCollection. The processor checks value, ok := udrSelf.UESubsCollection.Load(ueId) and sets a 404 USER_NOT_FOUND problem-details on the miss path, but execution continues and immediately runs value.(*udr_context.UESubsData) -- a Go type assertion on a nil interface, which panics with interface conversion: interface {} is nil, not *context.UESubsData. Gin recovery converts the panic into HTTP 500, but the endpoint remains repeatedly panicable. This vulnerability is fixed in 4.2.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.9%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2026-44324


Products
Pricing
Contact Us

Shodan ® - All rights reserved