CVE-2026-44319
high
CVSS v3
7.5
CVSS v2
—
VIR risk
7.5
Description
free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
Predictions
Exploit likelihood
83%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/free5gc/nef | <1.2.3 | 1.2.3 |
| GO | github.com/free5gc/nef | < 1.2.3 | 1.2.3 |
References
- https://github.com/free5gc/free5gc/security/advisories/GHSA-rxrq-fv76-26pr
- https://github.com/free5gc/free5gc/issues/924
- https://github.com/free5gc/nef/pull/25
- https://github.com/free5gc/nef/commit/f110517b1189801950b50668a593398687049074
- https://github.com/free5gc/free5gc
- https://github.com/advisories/GHSA-rxrq-fv76-26pr
CWEs
CWE-20 CWE-617 CWE-755
Verify integrity in audit chain (admin only). AS-IS.