Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulation results in denial of service. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Denial of service in Open5GS through version 2.7.7 allows authenticated remote attackers to crash the Service Management Function (SMF) by manipulating the smf_nsmf_handle_update_data_in_vsmf function in nsmf-handler.c. Publicly available exploit code exists, and the project maintainers have not yet responded to the early disclosure notification despite awareness of the issue.
Technical ContextAI
Open5GS is an open-source 5G core network implementation. The vulnerability resides in the SMF (Service Management Function) component, specifically in the nsmf-handler.c file's update data handling routine. CWE-404 classifies this as an improper resource validation issue, suggesting the SMF fails to properly validate or constrain resources (such as message size, array bounds, or connection limits) when processing network slice management function (NSMF) update data requests. The remote attack vector indicates the flaw is reachable via network protocols used in 5G signaling (likely Nsmf service-based interface or similar N11 interface traffic).
RemediationAI
Upgrade Open5GS to a version newer than 2.7.7 if a patched release becomes available - check the official Open5GS repository and GitHub releases page regularly for updates. Until a patch is released, implement compensating controls: restrict network access to the SMF component via firewall rules to only authorized 5G network elements (AMF, other SMF instances, and NRF nodes); disable or isolate any untrusted or external SMF interfaces; monitor SMF process resource usage and implement automatic restart/alerting on abnormal CPU or memory spikes to detect denial-of-service attempts; apply strict rate-limiting or connection limits on Nsmf signaling interfaces; consider network segmentation to segregate the SMF from less-trusted network domains. These controls trade off some operational flexibility (stricter access policies, potential monitoring overhead) but significantly reduce the attack surface while a patch is pending.
open5gs v2.6.4 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
Open5GS v2.6.4 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. Rated critical severity (CVSS 9.8
Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account. Rated high severity (CVS
Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. Rated high sev
Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the
Same weakness CWE-404 – Improper Resource Shutdown or Release
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29053
GHSA-4c5m-7x4h-hr3w