Skip to main content

Open5GS EUVDEUVD-2026-29001

| CVE-2026-8248 LOW
Improper Resource Shutdown or Release (CWE-404)
2026-05-10 VulDB GHSA-jj2p-w4f3-jmgm
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Severity Changed
May 10, 2026 - 23:22 NVD
MEDIUM LOW
CVSS changed
May 10, 2026 - 23:22 NVD
4.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
May 10, 2026 - 23:00 vuln.today
CVE Published
May 10, 2026 - 22:15 nvd
MEDIUM 4.3

DescriptionCVE.org

A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation results in denial of service. The attack may be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Denial of service in Open5GS up to version 2.7.7 allows authenticated remote attackers to crash the Service Mobility Function (SMF) component via manipulation of the update_authorized_pcc_rule_and_qos function in npcf-handler.c. Publicly available exploit code exists, and the vendor has not released a patch despite early notification through issue tracking.

Technical ContextAI

Open5GS is an open-source implementation of the 5G core network, with the SMF (Service Mobile Function) responsible for session management and policy control. The vulnerability resides in the Policy and Charging Control Function (NPCF) handler, specifically in npcf-handler.c, which manages authorization rules and Quality of Service (QoS) parameters. CWE-404 (Improper Resource Validation) indicates the root cause involves failure to properly validate resources or inputs when updating PCC rules, potentially leading to resource exhaustion, null pointer dereferences, or similar conditions that cause the SMF process to terminate.

RemediationAI

No vendor-released patch is currently available at the time of analysis. The recommended immediate action is to restrict network access to the SMF component to trusted internal networks only, limiting exposure to authenticated attackers. Implement network segmentation to isolate the NPCF interface from untrusted sources and configure firewall rules to block unauthorized access to the SMF's NPCF handler endpoints. If feasible, disable or restrict the NPCF functionality if not critical to your deployment, though this may impact policy-based charging and QoS enforcement. Monitor the GitHub repository (https://github.com/open5gs/open5gs) and VulDB (https://vuldb.com/vuln/362545) for security updates. As a longer-term mitigation, consider upgrading to a patched version once available, or evaluating alternative 5G core implementations with active security response. Note that restricting NPCF access may limit dynamic QoS and charging policy application in multi-operator environments.

CVE-2024-40130 CRITICAL POC
9.8 Jul 16

open5gs v2.6.4 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2024-40129 CRITICAL POC
9.8 Jul 16

Open5GS v2.6.4 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2021-28122 CRITICAL POC
9.8 Mar 10

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. Rated critical severity (CVSS 9.8

CVE-2021-25863 HIGH POC
8.8 Jan 26

Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account. Rated high severity (CVS

CVE-2023-37023 HIGH POC
8.6 Jan 22

Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. Rated high sev

CVE-2023-37021 HIGH POC
8.6 Jan 22

Open5GS MME version <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the

CVE-2023-37020 HIGH POC
8.6 Jan 22

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the

CVE-2023-37019 HIGH POC
8.6 Jan 22

Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the

CVE-2023-37018 HIGH POC
8.6 Jan 22

Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the

CVE-2023-37017 HIGH POC
8.6 Jan 22

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the

CVE-2023-37016 HIGH POC
8.6 Jan 22

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the

CVE-2023-37015 HIGH POC
8.6 Jan 22

Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the

Share

EUVD-2026-29001 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy