PT-2026-39248 · Unknown · Free5Gc Bsf

Linziyuu · Published 2026-05-08 · Updated 2026-05-28 · CVE-2026-44318

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

free5GC BSF version 4.2.1

Description

An unsynchronized write occurs on the global Subscriptions map within the BSF handler for the endpoint '/nbsf-management/v1/subscriptions/{subId}'. While the handler reads the map using a read-lock via the GetSubscription() function, the ReplaceIndividualSubcription() function writes to the same map without acquiring a mutex when a subscription does not exist. Under concurrent authenticated PUT requests, this leads to a concurrent map read and map write, causing the Go runtime to trigger a non-recoverable fatal error that terminates the process. This results in a denial-of-service (DoS) where the entire BSF service becomes unavailable until it is restarted. The attack requires a valid nbsf-management OAuth2 access token and targets the subId variable.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
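
The locking pattern at issue in the description, as an added Go example that is neither free5GC's code nor a published fix: a create-or-replace that holds the write lock across the existence check and the map write, next to the flawed shape for contrast. `Store`, `Get`, `replaceUnsafe`, `Replace`, `Hammer` and the sample subIds and URI are hypothetical names constructed for illustration.

```go
package main

import "sync"

// Store is a hypothetical stand-in for the BSF subscription table (subId -> URI).
type Store struct {
	mu   sync.RWMutex
	subs map[string]string
}

// Get reads under the read lock, as the description says GetSubscription() does.
func (s *Store) Get(id string) (string, bool) {
	s.mu.RLock()
	defer s.mu.RUnlock()
	uri, ok := s.subs[id]
	return uri, ok
}

// replaceUnsafe is the flawed shape, for contrast only: locked read, unlocked write.
func (s *Store) replaceUnsafe(id, uri string) {
	if _, ok := s.Get(id); !ok {
		s.subs[id] = uri
	}
}

// Replace holds the write lock across the existence check and the write.
func (s *Store) Replace(id, uri string) (created bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	_, existed := s.subs[id]
	s.subs[id] = uri
	return !existed
}

// Hammer runs n concurrent replace+read pairs over ids; returns entries stored.
func Hammer(s *Store, n int, ids []string) int {
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func(id string) {
			defer wg.Done()
			s.Replace(id, "http://callback.invalid/notify")
			s.Get(id)
		}(ids[i%len(ids)])
	}
	wg.Wait()
	return len(s.subs) // safe: every goroutine has finished
}

func main() { println(Hammer(&Store{subs: map[string]string{}}, 1000, []string{"sub-a", "sub-b"})) }
```

Running this under `go run -race` exercises the locked path with the race detector enabled, which is also a useful regression check for any handler that shares a map across requests.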

Exploit

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2026-44318
GHSA-27PH-8Q4F-H7M7
GO-2026-4994

Affected Products

Free5Gc Bsf