Open5GS EUVD-2026-28958

CVE-2026-8223 MEDIUM
Improper Resource Shutdown or Release (CWE-404)
2026-05-10 cna@vuldb.com GHSA-q4gr-3x5p-634j
5.5 (CVSS 4.0 · NVD)
Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: May 10, 2026 - 03:30 (vuln.today)
CVE Published: May 10, 2026 - 03:16 (nvd), MEDIUM 5.5

Description (CVE.org)

A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcf_sess_sbi_discover_and_send of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Analysis (AI)

Denial of service in Open5GS up to version 2.7.7 via manipulation of the pcf_sess_sbi_discover_and_send function in the sm-policies endpoint allows remote unauthenticated attackers to disrupt service availability. Publicly available exploit code exists, and the upstream project has not yet issued a patch despite early notification via issue report.

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Attacker locates Open5GS PCF instance
Delivery: Sends crafted request to sm-policies endpoint
Exploit: Triggers improper resource validation in pcf_sess_sbi_discover_and_send
Execution: Function crashes or exhausts resources
Persist: PCF becomes unavailable
Impact: Session policy management fails

Vulnerability Assessment (AI)

Exploitation: The vulnerability requires network access to the sm-policies endpoint of an Open5GS PCF instance (typically exposed on an internal or management network). …

Risk Assessment: CVSS 5.5 with AV:N/AC:L/PR:N indicates low-complexity remote unauthenticated attack with limited availability impact (VA:L), placing this in the medium severity range rather than high. …

Exploit Scenario: An attacker on the network sends a specially crafted manipulation payload to the sm-policies endpoint of the PCF component (network-accessible, no authentication required). The pcf_sess_sbi_discover_and_send function processes the malformed input without proper validation, triggering a crash or resource exhaustion condition that renders the PCF unavailable. …

Remediation: Upgrade Open5GS to the next stable release after 2.7.7 once the upstream project releases a patched version; as of the time of this analysis, no vendor-released patch version has been confirmed. …

EUVD-2026-28958 vulnerability details – vuln.today