CVE-2026-44330 affects free5GC, an open-source 5G core network implementation. Prior to version 4.2.2, the Network Exposure Function (NEF) component mounts the nnef-pfdmanagement route group without proper OAuth2/bearer-token authorization. Network attackers who can reach the NEF on the Service Based Interface (SBI) can exploit this by using forged or arbitrary bearer tokens to unauthorized access PFD application data and manipulate notification subscriptions. The vulnerability stems from missing inbound authentication middleware on the route group. This is particularly concerning as the affected route group is declared in the production runtime ServiceList, meaning operators expect it to be protected by OAuth2 authorization. The issue has been resolved in version 4.2.2.