CVE-2026-44319

HIGH 7.5

free5GC: NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)

CVSS Score

7.5

EPSS Score

0.1%

EPSS Percentile

19th

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications(), the notifier calls NnefPFDmanagementNotify(...) and on any delivery error invokes logger.PFDManageLog.Fatal(err), which is os.Exit(1)-equivalent in Go. An attacker who can create a PFD subscription with an attacker-chosen notifyUri and then trigger a PFD change can deterministically kill NEF on the asynchronous delivery attempt -- the process exits with status 1, dropping NEF's entire SBI surface until restart. This vulnerability is fixed in 4.2.2.

CWE	CWE-20 CWE-617 CWE-755
Vendor	free5gc
Product	free5gc
Published	May 27, 2026
Last Updated	May 28, 2026

Stay Ahead of the Next One

Get instant alerts for free5gc free5gc

Be the first to know when new high vulnerabilities affecting free5gc free5gc are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

free5gc / free5gc

< 4.2.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/free5gc/free5gc/security/advisories/GHSA-rxrq-fv76-26pr github.com: https://github.com/free5gc/free5gc/issues/924 github.com: https://github.com/free5gc/nef/pull/25 github.com: https://github.com/free5gc/nef/commit/f110517b1189801950b50668a593398687049074