Skip to main content

Open5GS CVE-2026-8225

| EUVD-2026-28973 MEDIUM
Improper Resource Shutdown or Release (CWE-404)
2026-05-10 VulDB GHSA-9v4p-7hgj-vmrq
Denial Of Service
5.5
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
CVSS changed
May 10, 2026 - 05:22 NVD
5.3 (MEDIUM) 5.5 (MEDIUM)
Analysis Generated
May 10, 2026 - 05:15 vuln.today
CVE Published
May 10, 2026 - 03:15 nvd
MEDIUM 5.3

DescriptionNVD

A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Denial of service in Open5GS up to version 2.7.7 allows remote unauthenticated attackers to crash the Policy Control Function (PCF) service by sending crafted requests to the delete endpoint in the SM policy control handler (pcf_npcf_smpolicycontrol_handle_delete). The vulnerability has a publicly available proof of concept and impacts the availability of 5G network policy enforcement, though the vendor has not yet released a patch despite early notification.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-8225 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy