Skip to main content

Open5GS CVE-2026-8267

| EUVD-2026-29024 LOW
Improper Resource Shutdown or Release (CWE-404)
2026-05-11 VulDB GHSA-gwx7-3cpr-h65f
Denial Of Service
2.1
CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Severity Changed
May 11, 2026 - 04:22 NVD
MEDIUM LOW
CVSS changed
May 11, 2026 - 04:22 NVD
4.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
May 11, 2026 - 03:45 vuln.today
CVE Published
May 11, 2026 - 03:00 nvd
MEDIUM 4.3

DescriptionNVD

A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_created_data_in_vsmf of the component SMF. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Remote authenticated denial of service in Open5GS up to version 2.7.7 affects the SMF (Session Management Function) component, specifically in the smf_nsmf_handle_created_data_in_vsmf function. An authenticated attacker can remotely trigger a denial of service condition by sending crafted requests. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-8267 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy