Perceptive Security
SOC/SIEM Consultancy
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription noti…
Published:
26 May 2026 at 22:00:00
Alert date:
27 May 2026 at 18:07:10
Source:
nvd.nist.gov
Network Infrastructure, Mobile & IoT, Critical Infrastructure
CVE-2026-44319 affects free5GC, an open-source 5G core network implementation. The vulnerability exists in versions prior to 4.2.2 where the NEF (Network Exposure Function) component terminates the entire process when a PFD-subscription notifyUri cannot be reached. An attacker can create a PFD subscription with a malicious notifyUri and trigger a PFD change to deterministically kill the NEF process. This results in a denial of service as the process exits with status 1, dropping NEF's entire SBI surface until manual restart. The vulnerability has been fixed in version 4.2.2.
Technical details
Mitigation steps:
Affected products:
free5GC
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-44319
https://github.com/free5gc/free5gc/issues/924
https://github.com/free5gc/free5gc/security/advisories/GHSA-rxrq-fv76-26pr
https://github.com/free5gc/nef/commit/f110517b1189801950b50668a593398687049074
https://github.com/free5gc/nef/pull/25
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.