CVE-2026-4531 identifies a denial of service vulnerability in Free5GC version 4.1.0, an open-source 5G core network implementation. The vulnerability exists in the Access and Mobility Management Function (AMF) component, specifically within the HandleRegistrationComplete function located in the internal/gmm/handler.go source file. This function processes the registration completion messages from user equipment (UE). An attacker can remotely send specially crafted messages that manipulate this function, causing the AMF to malfunction and leading to a denial of service condition. The vulnerability does not require any authentication or user interaction, making it accessible to remote attackers without prior access. The flaw impacts the availability of the 5G core network services managed by Free5GC, potentially disrupting subscriber registration and mobility management. The vulnerability was assigned CVSS version 4.0 with a score of 6.9, indicating a medium severity level. The attack vector is network-based (AV:N), with low attack complexity (AC:L), and no privileges or user interaction required (PR:N, UI:N). The vulnerability affects only Free5GC version 4.1.0, and a patch has been released to address the issue. No known exploits have been reported in the wild as of the publication date. Given Free5GC's role in 5G core networks, this vulnerability could affect telecommunications providers and enterprises deploying private 5G networks using this software.

The primary impact of CVE-2026-4531 is a denial of service condition in the Free5GC 5G core network component AMF, which is critical for subscriber registration and mobility management. Disruption of the AMF can lead to service outages, preventing user equipment from successfully registering or maintaining connectivity on the 5G network. This can degrade network availability, affecting end-user experience and potentially causing operational disruptions for service providers. Organizations relying on Free5GC for their 5G core infrastructure, including telecom operators and enterprises deploying private 5G networks, could face service interruptions, customer dissatisfaction, and potential revenue loss. The ease of remote exploitation without authentication increases the risk of opportunistic attacks. Although no exploits are currently known in the wild, the vulnerability could be leveraged in targeted attacks or by malicious actors seeking to disrupt 5G services. The scope is limited to Free5GC version 4.1.0 deployments, but given the growing adoption of open-source 5G core solutions, the affected population could be significant in certain regions.

To mitigate CVE-2026-4531, organizations should promptly apply the official patch released for Free5GC version 4.1.0 that addresses the vulnerability in the HandleRegistrationComplete function. Network administrators should verify that their Free5GC deployments are updated to the patched version or later. Additionally, implementing network-level protections such as filtering and rate limiting on registration-related signaling messages can reduce the risk of exploitation by limiting anomalous traffic patterns. Monitoring and logging of AMF registration requests should be enhanced to detect unusual or malformed messages indicative of exploitation attempts. Employing intrusion detection systems (IDS) or intrusion prevention systems (IPS) with signatures targeting this vulnerability can provide early warning and automated response capabilities. For private 5G deployments, strict access controls and segmentation of the 5G core network from untrusted networks can further reduce exposure. Regular security assessments and vulnerability scanning of 5G core components are recommended to identify and remediate similar issues proactively.