Description
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handle_scp_info in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. This manipulation causes out-of-bounds write. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. To fix this issue, it is recommended to deploy a patch.
Published: 2026-05-30
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in Open5GS's Shared NF‑Profile Parser, specifically the handle_scp_info function in lib/sbi/nnrf-handler.c. It allows an attacker to perform an out‑of‑bounds write on the stack, which can corrupt data or potentially enable arbitrary code execution. This weakness is classified as CWE‑119 and CWE‑787.

Affected Systems

Open5GS deployments running version 2.7.7 or earlier are vulnerable. The affected component is the NNRF handler in the Open5GS open source suite. No commercial vendor is involved beyond the open source community.

Risk and Exploitability

The CVSS 4.0 score is 5.3, indicating moderate risk. Remote exploitation is possible and an exploit has been publicly disclosed, but the EPSS score is not yet available. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread exploitation reports at this time. Attackers can trigger the issue remotely via the NNRF component, so organizations should assess exposure and apply the available patch promptly.

Generated by OpenCVE AI on May 30, 2026 at 11:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the Open5GS patch that corrects the handle_scp_info out‑of‑bounds write in lib/sbi/nnrf-handler.c
  • Limit external access to the NNRF interface or place it behind a firewall until the patch is applied
  • Continuously monitor HTTP traffic logs for abnormal NRF or SCP request patterns that could indicate exploitation attempts

Generated by OpenCVE AI on May 30, 2026 at 11:20 UTC.

Advisories

No advisories yet.

History

Sat, 30 May 2026 10:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handle_scp_info in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. This manipulation causes out-of-bounds write. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. To fix this issue, it is recommended to deploy a patch. |
| Title | | Open5GS Shared NF-profile nnrf-handler.c handle_scp_info out-of-bounds write |
| First Time appeared | | Open5gs; Open5gs open5gs |
| Weaknesses | | CWE-119; CWE-787 |
| CPEs | | cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:* |
| Vendors & Products | | Open5gs; Open5gs open5gs |
| References | | |
| Metrics | | cvssV2_0: score 4, vector AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C; cvssV3_0: score 4.3, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C; cvssV3_1: score 4.3, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C; cvssV4_0: score 5.3, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-30T10:00:09.547Z

Reserved: 2026-05-29T17:15:12.056Z

Link: CVE-2026-10114

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-30T11:17:05.510

Modified: 2026-05-30T11:17:05.510

Link: CVE-2026-10114

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-30T13:15:23Z
