CVE-2026-44315 affects free5GC, an open-source 5G core network implementation. Prior to version 4.2.2, the Network Exposure Function (NEF) component mounts the 3gpp-pfd-management API without proper OAuth2/bearer-token authorization. Network attackers who can reach the NEF on the Service Based Interface (SBI) can create, read, and delete PFD-management transaction state using forged or arbitrary bearer tokens. The vulnerability is particularly concerning because the route group remains accessible even when operators believe they have disabled the service via configuration. This represents a critical authorization bypass in 5G infrastructure that could allow unauthorized access to network management functions. The issue has been fixed in version 4.2.2.