CVE-2026-4531 is a vulnerability discovered in Free5GC version 4.1.0, an open-source 5G core network implementation widely used for research, development, and some production environments. The vulnerability resides in the Access and Mobility Management Function (AMF) component, specifically within the HandleRegistrationComplete function located in the internal/gmm/handler.go source file. This function processes the registration completion messages from user equipment (UE). Due to improper handling of certain inputs or state conditions, an attacker can remotely manipulate the registration completion process to trigger a denial of service, causing the AMF to crash or become unresponsive. The vulnerability requires no authentication, no user interaction, and can be exploited over the network, making it relatively easy to exploit. The CVSS 4.0 base score is 6.9, reflecting a medium severity level primarily due to the impact on availability and the ease of exploitation. The vulnerability does not impact confidentiality or integrity. The vendor has released a patch identified by commit 52e9386401ce56ea773c5aa587d4cdf7d53da799 to address this issue. No public exploits or active exploitation have been reported to date. Given the critical role of the AMF in 5G core networks for managing UE registration and mobility, this vulnerability could disrupt network availability and degrade service quality if exploited.

The primary impact of CVE-2026-4531 is denial of service against the AMF component of Free5GC 4.1.0, which can lead to unavailability of 5G core network services. This disruption can prevent legitimate user equipment from completing registration, thereby blocking access to 5G network services including voice, data, and signaling. For organizations relying on Free5GC for 5G core infrastructure—such as telecom operators, research institutions, and private 5G network deployments—this could result in significant service outages and degraded user experience. The lack of authentication and remote exploitability increases the risk of automated attacks or large-scale exploitation attempts. While no known exploits exist currently, the vulnerability could be leveraged by threat actors to cause network instability or as part of a broader attack campaign targeting 5G infrastructure. This could have cascading effects on critical communications, IoT services, and enterprise connectivity dependent on 5G networks.

To mitigate CVE-2026-4531, organizations should immediately apply the official patch released by the Free5GC project, identified by commit 52e9386401ce56ea773c5aa587d4cdf7d53da799, which fixes the vulnerability in the HandleRegistrationComplete function. Beyond patching, network operators should implement strict network segmentation and access controls to limit exposure of the AMF to untrusted networks. Deploying anomaly detection and rate limiting on registration completion messages can help detect and mitigate potential exploitation attempts. Regularly monitoring Free5GC logs and system health metrics for signs of crashes or abnormal behavior is recommended. Additionally, organizations should maintain up-to-date backups and have incident response plans tailored for 5G core network components to quickly recover from potential DoS incidents. Finally, consider deploying Free5GC in high-availability configurations to minimize service disruption in case of component failure.