Is Null Pointer Dereference affected by CVE-2026-2062?

Organizations using Open5GS should be aware of moderate risk from CVE-2026-2062 rated CVSS 5.3. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available. A patch is available and should be applied during regular vulnerability management.

CVE-2026-2062

MEDIUM

2026-02-06 [email protected]

5.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 11, 2026 - 19:02 vuln.today

Public exploit code

Patch Released

Feb 11, 2026 - 19:02 nvd

Patch available

CVE Published

Feb 06, 2026 - 19:16 nvd

MEDIUM 5.3

Description

A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_handle_session_modification_response of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. The attack can be initiated remotely. The exploit is publicly available and might be used. The identifier of the patch is f1bbd7b57f831e2a070780a7d8d5d4c73babdb59. Applying a patch is the recommended action to fix this issue.

Analysis

Open5GS versions up to 2.7.6 suffer from a null pointer dereference in the PGW S5U Address Handler component that can be triggered remotely without authentication, resulting in denial of service. Public exploit code exists for this vulnerability, and administrators should apply the available patch immediately.

Remediation

Within 30 days: Identify affected systems running Open5GS and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +26

POC: +20

CVE-2026-2062 vulnerability details – vuln.today

Back

CVE-2026-2062

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-2062

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code