Open5GS CVE-2026-8288

EUVD-2026-29050 | Severity: LOW
Improper Resource Shutdown or Release (CWE-404)
2026-05-11 | VulDB | GHSA-x779-6vcw-95p6
CVSS 4.0 score: 2.1

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline (5 events)

May 11, 2026 - 13:22 (NVD): Severity Changed, MEDIUM to LOW
May 11, 2026 - 13:22 (NVD): CVSS changed, 4.3 (MEDIUM) to 2.1 (LOW)
May 11, 2026 - 12:45 (vuln.today): Source Code Evidence Fetched
May 11, 2026 - 12:45 (vuln.today): Analysis Generated
May 11, 2026 - 12:15 (nvd): CVE Published, MEDIUM 4.3

Description (NVD)

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm_handle_pdu_session_modification_qos_flow_descriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

Analysis (AI)

Denial of service in Open5GS SMF (Session Management Function) via crafted PDU Session Modification messages allows remote authenticated attackers to trigger unvalidated parameter processing in gsm_handle_pdu_session_modification_qos_flow_descriptions(), causing service disruption. The vulnerability stems from insufficient pre-validation of QoS flow parameter identifiers and bitrate units before state mutation, potentially leaving the SMF in an inconsistent state. …
