PT-2026-39249 · Free5Gc+1 · Free5Gc+1

Linziyuu · Published 2026-05-08 · Updated 2026-05-28 · CVE-2026-44319

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

free5GC versions prior to 4.2.2

Description

The Network Exposure Function (NEF) in free5GC terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. This occurs within the PfdChangeNotifier.FlushNotifications() function, where the notifier calls NnefPFDmanagementNotify(). If a delivery error occurs, the system invokes logger.PFDManageLog.Fatal(err), which is equivalent to os.Exit(1) in Go, causing the process to exit with status 1 and dropping the entire Service Based Interface (SBI) surface until a restart occurs.

An attacker can exploit this by creating a PFD subscription with a chosen unreachable notifyUri and then triggering a PFD change. The delivery attempt happens asynchronously, meaning the triggering request may return a success code before the NEF process terminates. This results in a complete loss of availability for the NEF service.

Recommendations

Update to version 4.2.2. As a temporary workaround, restrict access to the NEF SBI surface to trusted sources to prevent unauthorized users from creating PFD subscriptions with malicious notifyUri values.
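
The failure mode in the description, as an added Go example (not free5GC or NEF source code): a notification flush that records a failed delivery and continues, at the point where a Fatal log call would exit the process. Subscription, DeliverFunc, ErrDelivery, HTTPDeliver and this FlushNotifications signature are hypothetical stand-ins, and the loopback URL is constructed sample input.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"log"
	"net/http"
	"time"
)

// Hypothetical stand-ins for the notifier's types; not free5GC code.
type Subscription struct{ ID, NotifyURI string }
type DeliverFunc func(notifyURI string, body []byte) error

var ErrDelivery = errors.New("PFD notification delivery failed")

// HTTPDeliver POSTs one notification with a bounded timeout.
func HTTPDeliver(notifyURI string, body []byte) error {
	c := http.Client{Timeout: 2 * time.Second}
	resp, err := c.Post(notifyURI, "application/json", bytes.NewReader(body))
	if err != nil {
		return fmt.Errorf("%w: %v", ErrDelivery, err)
	}
	defer resp.Body.Close()
	if resp.StatusCode >= 300 {
		return fmt.Errorf("%w: status %d", ErrDelivery, resp.StatusCode)
	}
	return nil
}

// FlushNotifications tries every subscriber and returns the IDs that failed.
func FlushNotifications(deliver DeliverFunc, subs []Subscription, body []byte) []string {
	var failed []string
	for _, s := range subs {
		if err := deliver(s.NotifyURI, body); err != nil {
			// Pattern from the advisory: a Fatal log call here exits the
			// process with status 1. Log at error level and move on instead.
			log.Printf("subscription %s: %v", s.ID, err)
			failed = append(failed, s.ID)
		}
	}
	return failed
}

func main() {
	subs := []Subscription{{ID: "sub-1", NotifyURI: "http://127.0.0.1:1/notify"}} // constructed; port assumed closed
	fmt.Println("failed:", FlushNotifications(HTTPDeliver, subs, []byte(`{}`)))
}
```

The returned IDs give the caller something to act on, such as retrying later or expiring a subscription whose notifyUri never answers.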

Exploit

Fix

DoS

RCE

Improper Handling of Exceptional Conditions

Assertion Failure

Weakness Enumeration

Related Identifiers

CVE-2026-44319
GHSA-RXRQ-FV76-26PR

Affected Products

Free5Gc
Github.Com/Free5Gc/Nef