CVE-2026-44319
Analyzed Analyzed - Analysis Complete
Denial of Service in free5GC NEF Component

Publication date: 2026-05-27

Last updated on: 2026-05-28

Assigner: GitHub, Inc.

Description
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications(), the notifier calls NnefPFDmanagementNotify(...) and on any delivery error invokes logger.PFDManageLog.Fatal(err), which is os.Exit(1)-equivalent in Go. An attacker who can create a PFD subscription with an attacker-chosen notifyUri and then trigger a PFD change can deterministically kill NEF on the asynchronous delivery attempt -- the process exits with status 1, dropping NEF's entire SBI surface until restart. This vulnerability is fixed in 4.2.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-28
Generated
2026-06-17
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-44319
EUVD
EUVD-2026-32579
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
free5gc free5gc to 4.2.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
CWE-755 The product does not handle or incorrectly handles an exceptional condition.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in free5GC, an open-source 5G core network implementation. Before version 4.2.2, the NEF (Network Exposure Function) component would terminate its entire process if it failed to reach a stored PFD-subscription notifyUri during notification delivery. Specifically, when the notifier attempts to send a notification and encounters a delivery error, it calls a fatal logging function that causes the process to exit immediately. An attacker who can create a PFD subscriptions with a malicious notifyUri and then trigger a PFD change can cause the NEF process to crash deterministically, resulting in the NEF service being unavailable until it is manually restarted.

Impact Analysis

The impact of this vulnerability is a denial of service (DoS) condition on the NEF component of the free5GC 5G core network. An attacker can cause the NEF process to exit unexpectedly, which drops the entire SBI (Service-Based Interface) surface of NEF. This means that NEF will be unavailable to handle requests or provide its services until the process is restarted, potentially disrupting network operations and service availability.

Mitigation Strategies

To mitigate this vulnerability, upgrade free5GC to version 4.2.2 or later, where the issue is fixed.

Avoid using attacker-controlled notifyUri values in PFD subscriptions to prevent triggering the process exit.

Compliance Impact

This vulnerability causes a denial of service (DoS) by crashing the free5GC NEF process when a notification URI is unreachable, resulting in the NEF service becoming unavailable until manually restarted.

While the CVE description and resources detail the availability impact, there is no direct information on how this affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by monitoring the NEF process for unexpected crashes or exits with status code 1, especially after PFD subscription changes.

Specifically, if the NEF process terminates when attempting to deliver notifications to a notifyUri, it indicates the presence of this vulnerability.

To detect exploitation attempts, you can look for PFD subscriptions with suspicious or attacker-controlled notifyUri values, such as unreachable IP addresses or ports (e.g., http://127.0.0.1:1/notify).

Suggested commands to detect the issue include:

  • Check NEF process status and recent exits: `systemctl status free5gc-nef` or `docker ps` and `docker logs <nef-container>` if running in Docker.
  • Monitor system logs for NEF crashes or fatal errors related to PFD notifications.
  • Use network monitoring tools (e.g., tcpdump, Wireshark) to detect POST requests creating PFD subscriptions with suspicious notifyUri values.
  • Search the NEF logs for error messages related to notification delivery failures or fatal log entries.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44319. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart