Skip to main content

Open5GS CVE-2026-7518

| EUVDEUVD-2026-26466 LOW
Improper Resource Shutdown or Release (CWE-404)
2026-05-01 cna@vuldb.com
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
May 01, 2026 - 01:45 vuln.today
EUVD ID Assigned
May 01, 2026 - 01:22 euvd
EUVD-2026-26466
Analysis Generated
May 01, 2026 - 01:22 vuln.today
CVE Published
May 01, 2026 - 01:16 nvd
LOW 2.1

DescriptionCVE.org

A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amf_namf_callback_handle_sdm_data_change_notify of the file /namf-callback/v1/{id}/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Denial of service in Open5GS AMF SBI Endpoint (versions up to 2.7.7) allows authenticated remote attackers to crash the service by manipulating the changeItem.newValue argument in the /namf-callback/v1/{id}/sdmsubscription-notify endpoint. CVSS score of 2.1 reflects low severity despite network accessibility, primarily due to availability impact limitation and authentication requirement. Exploit code is publicly available, though the vendor has not yet responded to the early notification.

Technical ContextAI

Open5GS is an open-source implementation of 3GPP core network protocols. The vulnerability exists in the AMF (Access and Mobility Management Function) Service-Based Interface (SBI) Endpoint, specifically in the callback handler for Subscription Data Management (SDM) notifications. The flaw is rooted in improper handling of the changeItem.newValue parameter (CWE-404: Improper Resource Validation), where malformed or unexpected data structures can trigger unhandled exceptions or resource exhaustion. This endpoint is part of the 5G Service-Based Architecture and receives callbacks from other network functions about subscription data changes.

RemediationAI

Upgrade Open5GS to a patched version released after early notification (vendor response pending; check GitHub releases for patch availability beyond 2.7.7). Until a patch is available, implement input validation at the network boundary by filtering malformed changeItem.newValue structures in SDM callbacks, or restrict AMF SBI endpoint callback access to trusted network function sources only via firewall/ACL rules. Monitor AMF service logs for repeated callback errors or crashes correlated with SDM subscription notifications and trigger alerts. Compensating control trade-off: restricting callback sources may break legitimate inter-function communication if misconfigured, so validate against your network topology before deployment. Temporary mitigation may include running the AMF in a container with automatic restart on crash, reducing availability impact but not eliminating the underlying flaw.

Share

CVE-2026-7518 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy