Is github.com/free5gc/bsf affected by CVE-2026-44318?

Go github.com/free5gc/bsf is affected in <1.0.2.

Is CVE-2026-44318 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

medium

CVE-2026-44318

Q: Is CVE-2026-44318 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

Go · github.com/free5gc/bsf

Summary

free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes the BSF process via concurrent map read/write on Subscriptions in github.com/free5gc/bsf

Severity: medium
EPSS: 0.2% (p16)
Also known as: GHSA-27ph-8q4f-h7m7, GO-2026-4994
Published: 2026-05-20

References

https://github.com/free5gc/free5gc/security/advisories/GHSA-27ph-8q4f-h7m7
https://github.com/free5gc/bsf/commit/277908565fd628d974a13ef562b81a8b7b519ffa
https://github.com/free5gc/bsf/pull/7

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.