Skip to main content

Open5GS EUVD-2026-28479

| CVE-2026-8121 LOW
Improper Resource Shutdown or Release (CWE-404)
2026-05-08 VulDB GHSA-m782-cq9r-w5vf
Denial Of Service
2.1
CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 01:30 vuln.today
Severity Changed
May 08, 2026 - 01:22 NVD
MEDIUM LOW
CVSS changed
May 08, 2026 - 01:22 NVD
4.3 (MEDIUM) 2.1 (LOW)
CVE Published
May 08, 2026 - 00:30 nvd
LOW 2.1

DescriptionNVD

A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to denial of service. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the NSSF (Network Slice Selection Function) component via a crafted PLMN list in the SBI (Service Based Interface) parser. The vulnerability exists in the ogs_sbi_parse_plmn_list function within /lib/sbi/conv.c and has been publicly disclosed with exploit code available; the vendor has not yet released a patch despite early notification.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-28479 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy