Description
A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handle_amf_info in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nf_info_pool can lead to resource consumption. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. Applying a patch is advised to resolve this issue. The issue report is flagged as already-fixed.
Published: 2026-05-30
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The bug is located in the function handle_amf_info within the Open5GS nf-instances Endpoint (nnrf-handler.c). Manipulating the nf_info_pool argument can trigger excessive resource consumption, which can degrade or halt the service handling user plane instance management. This exhaustion of system resources represents a classic Denial of Service attack.

Affected Systems

Open5GS installations using versions up to 2.7.7 are affected. The vulnerability resides in the nfi‑instances component supplied by the Open5GS project. No other vendor products are listed as affected.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the exploit is possible from a remote source. EPSS data are not available and the vulnerability is not in the CISA KEV catalog, but the issue has been publicly disclosed and could be leveraged by an attacker to consume network or system resources remotely. The lack of a public exploit does not negate the risk; patching remains the recommended mitigation.

Generated by OpenCVE AI on May 31, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a fixed Open5GS release (v2.7.8 or newer) that contains the handle_amf_info resource‑consumption fix.
  • Restrict exposure of the nf‑instances Endpoint to trusted networks only, or place it behind a firewall or VPN to limit remote reach.
  • Configure system resource limits—such as cgroups or container quotas—on nf‑instances to cap memory and CPU usage and prevent a single compromised instance from exhausting resources.
  • Monitor resource metrics for nf‑instances, set alerts for abnormal spikes in memory or CPU consumption, and investigate any unexpected usage patterns promptly.

Generated by OpenCVE AI on May 31, 2026 at 01:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 31 May 2026 00:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handle_amf_info in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nf_info_pool can lead to resource consumption. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. Applying a patch is advised to resolve this issue. The issue report is flagged as already-fixed.
Title Open5GS nf-instances Endpoint nnrf-handler.c handle_amf_info resource consumption
First Time appeared Open5gs
Open5gs open5gs
Weaknesses CWE-400
CWE-404
CPEs cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products Open5gs
Open5gs open5gs
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Open5gs Open5gs
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-30T23:45:09.307Z

Reserved: 2026-05-30T06:04:59.295Z

Link: CVE-2026-10156

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-31T00:16:33.910

Modified: 2026-05-31T00:16:33.910

Link: CVE-2026-10156

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-31T01:30:36Z

Weaknesses