Description
A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit is publicly available and might be used. It is advisable to implement a patch to correct this issue.
Published: 2026-05-30
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability resides in the lib/sbi/nnrf-handler.c file of the Shared NF-profile Parser component of Open5GS. Manipulation of an unknown part of this library triggers a denial of service, causing the system to become unresponsive. The failure occurs when the component processes a crafted request, which leads to a crash or hung state. The exploit is available publicly and can be executed remotely against exposed network interfaces.

Affected Systems

The affected product is Open5GS, specifically any deployment up to version 2.7.7. The problem arises in the Shared NF-profile Parser module and therefore applies to installations that use the default configuration for the Nnrf component.

Risk and Exploitability

The CVSS score of 5.3 places this issue in the medium severity range. EPSS data is unavailable, but the public availability of the exploit and the remote attack vector indicate a realistic threat. Because it is not listed in the CISA KEV catalog, the exposure is not currently monitored by that program, but the vulnerability remains actionable. The risk can be mitigated by applying the official patch or upgrading to a newer release where the flaw is corrected.

Generated by OpenCVE AI on May 30, 2026 at 11:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Open5GS patch published on GitHub (commit 4527) or upgrade to version 2.7.8 or later.
  • Configure firewall rules to restrict access to the Nnrf interface to trusted networks only.
  • Continuously monitor system logs for repeated attempts to trigger the denial condition and apply additional hardening as needed.

Advisories

No advisories yet.

History

Sat, 30 May 2026 10:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit is publicly available and might be used. It is advisable to implement a patch to correct this issue. |
| Title | | Open5GS Shared NF-profile nnrf-handler.c denial of service |
| First Time appeared | | Open5gs; Open5gs open5gs |
| Weaknesses | | CWE-404 |
| CPEs | | cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:* |
| Vendors & Products | | Open5gs; Open5gs open5gs |
| References | | |
| Metrics | | cvssV2_0: score 4, vector AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C; cvssV3_0: score 4.3, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C; cvssV3_1: score 4.3, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C; cvssV4_0: score 5.3, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-30T10:15:07.447Z

Reserved: 2026-05-29T17:15:14.632Z

Link: CVE-2026-10115

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-30T11:17:05.807

Modified: 2026-05-30T11:17:05.807

Link: CVE-2026-10115

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-30T12:30:22Z

Weaknesses