Skip to main content
CVE-2026-8224 MEDIUM This Month

Denial of service in Open5GS up to version 2.7.7 allows remote unauthenticated attackers to crash the Policy Control Function (PCF) by manipulating the SmPolicyContextData.ipv6AddressPrefix parameter in the pcf_sess_set_ipv6prefix function. The vulnerability has publicly available exploit code and was disclosed despite vendor non-responsiveness, making it a known attack vector against 5G service provider infrastructure.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8223 MEDIUM This Month

Denial of service in Open5GS up to version 2.7.7 via manipulation of the pcf_sess_sbi_discover_and_send function in the sm-policies endpoint allows remote unauthenticated attackers to disrupt service availability. Publicly available exploit code exists, and the upstream project has not yet issued a patch despite early notification via issue report.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8222 MEDIUM This Month

Remote denial of service in Open5GS up to version 2.7.7 affects the sm-policies endpoint's pcf_nbsf_management_handle_register function, allowing unauthenticated network attackers to trigger a crash or service disruption with low attack complexity. Publicly available exploit code exists and the vendor was notified early but has not released a fix.

Denial Of Service Open5gs
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-45179 MEDIUM PATCH This Month

Plack::Middleware::Statsd versions before 0.9.0 leak user IP addresses to unsecured statsd daemons via unencrypted UDP communication. Remote unauthenticated attackers on the same network as the statsd daemon can intercept plaintext IP addresses transmitted by the middleware. Version 0.9.0 and later disable IP logging by default and use HMAC signatures when logging is enabled, eliminating the exposure.

Information Disclosure Plack
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8232 MEDIUM This Month

Denial of service in Dotouch XproUPF 2.0.0 through manipulation of the vlib_worker_loop function in libvlib.so allows local authenticated attackers to crash the UPF process. The vulnerability has CVSS 5.1 (AV:A/AC:L/PR:L) and targets availability rather than confidentiality or integrity. No public exploit code or active exploitation has been confirmed; the vendor was notified early during responsible disclosure.

Denial Of Service Xproupf
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy