Open5GS EUVD-2026-28960

CVE-2026-8224 MEDIUM
Improper Resource Shutdown or Release (CWE-404)
2026-05-10 cna@vuldb.com GHSA-x82j-9gmv-pv8w
5.5 (CVSS 4.0 · NVD)

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: May 10, 2026 - 03:30 (vuln.today)
CVE Published: May 10, 2026 - 03:16 (nvd), MEDIUM 5.5

Description (CVE.org)

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI)

Denial of service in Open5GS up to version 2.7.7 allows remote unauthenticated attackers to crash the Policy Control Function (PCF) by manipulating the SmPolicyContextData.ipv6AddressPrefix parameter in the pcf_sess_set_ipv6prefix function. The vulnerability has publicly available exploit code and was disclosed despite vendor non-responsiveness, making it a known attack vector against 5G service provider infrastructure.

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Craft malformed IPv6 prefix payload
Delivery: Send policy context update to PCF endpoint
Exploit: PCF parses SmPolicyContextData without validation
Execution: Trigger exception in pcf_sess_set_ipv6prefix
Persist: PCF component crashes or hangs
Impact: Service denial to 5G subscribers

Vulnerability Assessment (AI)

Exploitation: The vulnerability requires network-level access to the PCF service endpoint that accepts SmPolicyContextData policy context updates. …

Risk Assessment: This vulnerability presents moderate but concrete risk to 5G deployments. …

Exploit Scenario: An attacker on the internet sends a crafted policy control request to the Open5GS PCF service with a malformed SmPolicyContextData.ipv6AddressPrefix field (e.g., invalid prefix length or malicious string payload). The PCF's pcf_sess_set_ipv6prefix function processes this input without proper validation, triggering an exception or resource exhaustion that crashes or hangs the PCF component. …

Remediation: No vendor-released patch has been confirmed at time of analysis due to vendor non-responsiveness. …
