CVE-2026-44319
BaseFortify
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| free5gc | free5gc | up to 4.2.2 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
| CWE-755 | The product does not handle or incorrectly handles an exceptional condition. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability causes a denial of service (DoS) by crashing the free5GC NEF process when a notification URI is unreachable, resulting in the NEF service becoming unavailable until manually restarted.
While the CVE description and resources detail the availability impact, there is no direct information on how this affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability exists in free5GC, an open-source 5G core network implementation. Before version 4.2.2, the NEF (Network Exposure Function) component would terminate its entire process if it failed to reach a stored PFD-subscription notifyUri during notification delivery. Specifically, when the notifier attempts to send a notification and encounters a delivery error, it calls a fatal logging function that causes the process to exit immediately. An attacker who can create a PFD subscription with a malicious notifyUri and then trigger a PFD change can crash the NEF process deterministically, leaving the NEF service unavailable until it is manually restarted.
How can this vulnerability impact me?
The impact of this vulnerability is a denial of service (DoS) condition on the NEF component of the free5GC 5G core network. An attacker can cause the NEF process to exit unexpectedly, which drops the entire SBI (Service-Based Interface) surface of NEF. This means that NEF will be unavailable to handle requests or provide its services until the process is restarted, potentially disrupting network operations and service availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade free5GC to version 4.2.2 or later, where the issue is fixed.
Avoid using attacker-controlled notifyUri values in PFD subscriptions to prevent triggering the process exit.
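The two answers above describe the root cause (a delivery error handled by a fatal log call that exits the process) and the fix direction (keep the process alive, and do not accept arbitrary notifyUri values). The following Go program is an added illustration of both, written for this page; it is not free5GC's code, and the `Subscription` type, the `sendFunc` abstraction, the injected `exit` callback and the notifyUri policy in `validateNotifyURI` are all assumptions made so the example runs offline.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"log"
	"net"
	"net/http"
	"net/url"
	"time"
)

// Subscription is a hypothetical stand-in for a stored PFD subscription (not free5GC's type).
type Subscription struct {
	ID        string
	NotifyURI string
	Failures  int // consecutive delivery failures, used by the hardened path
}

// sendFunc abstracts the outbound HTTP POST so the example can run without a network.
type sendFunc func(notifyURI string, body []byte) error

// deliverFatal reproduces the vulnerable pattern from the advisory: a delivery error is
// treated as fatal, which exits the whole process. The exit function is injected here so
// the demonstration never actually terminates this program.
func deliverFatal(sub *Subscription, body []byte, send sendFunc, exit func(code int)) {
	if err := send(sub.NotifyURI, body); err != nil {
		log.Printf("FATAL notify %s (sub %s): %v", sub.NotifyURI, sub.ID, err) // stand-in for a Fatalf call
		exit(1)                                                               // Fatalf ends with os.Exit(1)
	}
}

// deliverResilient is the hardened form: log the error, count it against the offending
// subscription only, and tell the caller whether to drop that subscription. The process keeps
// serving every other subscriber and the rest of the SBI surface.
func deliverResilient(sub *Subscription, body []byte, send sendFunc, maxFailures int) (drop bool, err error) {
	if err = send(sub.NotifyURI, body); err == nil {
		sub.Failures = 0
		return false, nil
	}
	sub.Failures++
	log.Printf("notify %s (sub %s) failed %d/%d: %v", sub.NotifyURI, sub.ID, sub.Failures, maxFailures, err)
	return sub.Failures >= maxFailures, err
}

// validateNotifyURI rejects callback targets that cannot be a legitimate AF endpoint:
// non-HTTP schemes, missing/loopback/unspecified hosts and port 0. The policy is an assumption.
func validateNotifyURI(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	if host == "" || host == "localhost" {
		return fmt.Errorf("host %q not allowed", host)
	}
	if ip := net.ParseIP(host); ip != nil && (ip.IsLoopback() || ip.IsUnspecified()) {
		return fmt.Errorf("host %s is not routable", host)
	}
	if u.Port() == "0" {
		return errors.New("port 0 not allowed")
	}
	return nil
}

// httpSend is the sendFunc a real deployment would pass: a bounded-timeout POST that treats
// any transport error or non-2xx status as a delivery failure.
func httpSend(timeout time.Duration) sendFunc {
	client := &http.Client{Timeout: timeout}
	return func(notifyURI string, body []byte) error {
		resp, err := client.Post(notifyURI, "application/json", bytes.NewReader(body))
		if err != nil {
			return err
		}
		defer resp.Body.Close()
		if resp.StatusCode < 200 || resp.StatusCode > 299 {
			return fmt.Errorf("unexpected status %d", resp.StatusCode)
		}
		return nil
	}
}

func main() {
	// Constructed scenario: the callback is unreachable, as with the page's 127.0.0.1:1 example.
	unreachable := func(string, []byte) error {
		return errors.New("dial tcp 127.0.0.1:1: connect: connection refused")
	}
	sub := &Subscription{ID: "pfd-1", NotifyURI: "http://127.0.0.1:1/notify"}
	body := []byte(`{"pfdChange":"constructed"}`)

	exitCode := -1
	deliverFatal(sub, body, unreachable, func(c int) { exitCode = c })
	fmt.Println("vulnerable path asked to exit with code:", exitCode)

	for i := 0; i < 3; i++ {
		if drop, _ := deliverResilient(sub, body, unreachable, 3); drop {
			fmt.Println("hardened path: dropping subscription", sub.ID, "after", sub.Failures, "failures")
		}
	}
	fmt.Println("would this notifyUri have been accepted?", validateNotifyURI(sub.NotifyURI))
	_ = httpSend(5 * time.Second) // the sendFunc to use against real callbacks
}
```

Both failure paths are exercised with the same unreachable callback: the vulnerable path asks for exit code 1 on the first error, while the hardened path records three failures and then drops only that subscription.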
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the NEF process for unexpected crashes or exits with status code 1, especially after PFD subscription changes.
Specifically, if the NEF process terminates when attempting to deliver notifications to a notifyUri, it indicates the presence of this vulnerability.
To detect exploitation attempts, you can look for PFD subscriptions with suspicious or attacker-controlled notifyUri values, such as unreachable IP addresses or ports (e.g., http://127.0.0.1:1/notify).
Suggested commands to detect the issue include:
- Check NEF process status and recent exits: `systemctl status free5gc-nef` or `docker ps` and `docker logs <nef-container>` if running in Docker.
- Monitor system logs for NEF crashes or fatal errors related to PFD notifications.
- Use network monitoring tools (e.g., tcpdump, Wireshark) to detect POST requests creating PFD subscriptions with suspicious notifyUri values.
- Search the NEF logs for error messages related to notification delivery failures or fatal log entries.
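As an added example of the last two detection steps (scanning NEF logs for fatal notification-delivery entries and tying them back to the subscription that registered the failing notifyUri), the Go program below is written for this page and is not free5GC tooling. The log lines and their layout are constructed for illustration; real free5GC log formatting will differ, so the two regular expressions are assumptions to be adapted to the deployment's actual output.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// sampleLog is a constructed excerpt in an assumed NEF log layout (not free5GC's real format).
const sampleLog = `2026-05-27T10:00:01Z [INFO] [NEF][PFD] created subscription id=pfd-7 notifyUri=http://127.0.0.1:1/notify
2026-05-27T10:00:02Z [INFO] [NEF][PFD] created subscription id=pfd-8 notifyUri=https://af.example:8443/notify
2026-05-27T10:00:05Z [INFO] [NEF][PFD] pfd change received, notifying 2 subscriber(s)
2026-05-27T10:00:05Z [INFO] [NEF][Notifier] notify https://af.example:8443/notify ok
2026-05-27T10:00:05Z [FATA] [NEF][Notifier] notify http://127.0.0.1:1/notify failed: dial tcp 127.0.0.1:1: connect: connection refused`

// Finding is one fatal delivery failure, correlated with the subscription that owns the URI.
type Finding struct {
	Time      string
	NotifyURI string
	SubID     string // subscription that registered the failing notifyUri, if seen in the log
	Line      string
}

var (
	// assumed layouts: subscription creation and fatal notifier entries
	createRe = regexp.MustCompile(`^(\S+) \[INFO\] \[NEF\]\[PFD\] created subscription id=(\S+) notifyUri=(\S+)`)
	fatalRe  = regexp.MustCompile(`^(\S+) \[FATA\] \[NEF\]\[Notifier\] notify (\S+) failed: (.*)$`)
)

// scanNEFLog walks the log once, remembering which subscription registered each notifyUri,
// and reports every fatal notifier entry (each of which means the NEF process exited).
func scanNEFLog(logText string) []Finding {
	owner := map[string]string{}
	var findings []Finding
	for _, line := range strings.Split(logText, "\n") {
		if m := createRe.FindStringSubmatch(line); m != nil {
			owner[m[3]] = m[2]
			continue
		}
		if m := fatalRe.FindStringSubmatch(line); m != nil {
			findings = append(findings, Finding{Time: m[1], NotifyURI: m[2], SubID: owner[m[2]], Line: line})
		}
	}
	return findings
}

func main() {
	for _, f := range scanNEFLog(sampleLog) {
		fmt.Printf("%s NEF exited on notify to %s (registered by subscription %q)\n", f.Time, f.NotifyURI, f.SubID)
	}
}
```

A fatal entry with no matching creation line (empty `SubID`) still counts as a finding; it just means the subscription was created before the log window started, so the earlier log files should be checked for the owner.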