Skip to main content

Open5GS EUVD-2026-26727

| CVE-2026-7601 MEDIUM
Improper Resource Shutdown or Release (CWE-404)
2026-05-02 VulDB
Denial Of Service Open5gs
5.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Source Code Evidence Fetched
May 02, 2026 - 03:30 vuln.today
Analysis Generated
May 02, 2026 - 03:30 vuln.today
CVSS changed
May 02, 2026 - 03:22 NVD
4.3 (MEDIUM) 5.3 (MEDIUM)
EUVD ID Assigned
May 02, 2026 - 03:00 euvd
EUVD-2026-26727
Analysis Generated
May 02, 2026 - 03:00 vuln.today
Patch released
May 02, 2026 - 03:00 nvd
Patch available
CVE Published
May 02, 2026 - 02:00 nvd
MEDIUM 5.3

DescriptionCVE.org

A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument reg_type leads to denial of service. The attack is possible to be carried out remotely. Upgrading to version 2.7.7 is able to address this issue. The identifier of the patch is ebc66942b6f8f1fab2d640e71cf4e9f1a423b426. It is advisable to upgrade the affected component.

AnalysisAI

Denial of service in Open5GS AMF (Access and Mobility Function) up to version 2.7.6 allows authenticated remote attackers to cause service unavailability by sending crafted registration requests with manipulated reg_type arguments. The vulnerability exists in the GMM (Mobility Management) handler due to insufficient validation of registration type values, potentially triggering null pointer dereferences or assertion failures. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
UE sends crafted REGISTRATION REQUEST
Delivery
AMF parses NAS message with invalid reg_type
Exploit
gmm_handle_registration_request() skips normalization
Execution
Null pointer or assertion triggered
Persist
AMF process crashes or becomes unresponsive
Impact
Registration queue backs up and legitimate UEs denied service
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Authentication required: attacker must have valid credentials or a compromised UE context to send NAS messages to the AMF (PR:L per CVSS). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/PR:L/UI:N/VA:L) indicates network-accessible denial of service requiring low-complexity authenticated access with low impact on availability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated attacker or compromised UE sends a 5G registration request (REGISTRATION REQUEST NAS message) to the AMF with a malformed or reserved registration_type value (e.g., reg_type=0 or other undefined encodings per 3GPP specs). The AMF's gmm_handle_registration_request() function in src/amf/gmm-handler.c fails to normalize this invalid value, causing it to be used in conditional logic without proper initialization checks. …
Remediation Upgrade Open5GS to version 2.7.7 or later immediately, as vendor-released patch is available per https://github.com/open5gs/open5gs/releases/tag/v2.7.7. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-26727 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy