Description
A vulnerability was identified in Open5GS up to 2.7.6. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is a188e36b1741ffc2252133f59b1bda4f14d3cb5c. It is suggested to install a patch to address this issue.
Published: 2026-05-31
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the NGAP PathSwitchRequest message handler allows an attacker to bypass authentication checks, enabling unauthorized use of the service. The weakness can be triggered remotely and a publicly available exploit exists. The impact is that a malicious entity could gain control of the interface that normally requires legitimate authentication, potentially exposing sensitive signaling and traffic.

Affected Systems

The vulnerability affects the Open5GS project, specifically versions up to and including 2.7.6. Any installation using those versions of the NGAP PathSwitchRequest handler is susceptible.

Risk and Exploitability

The CVSS score of 6.9 classifies the issue as moderate in severity, while EPSS data is currently unavailable and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is remote, exploiting the NGAP protocol via crafted PathSwitchRequest messages. Because the exploit is publicly available, threat actors may attempt to target vulnerable deployments without significant barriers.

Generated by OpenCVE AI on May 31, 2026 at 02:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open5GS to version 2.7.7 or later, or apply the patch identified by commit a188e36b1741ffc2252133f59b1bda4f14d3cb5c
  • Re‑enable authentication checks for NGAP PathSwitchRequest messages once the patch is applied
  • Monitor NGAP traffic logs for unexpected PathSwitchRequest messages that may indicate attempts to bypass authentication

Advisories

No advisories yet.

History

Sun, 31 May 2026 01:30:00 +0000

Values added (none removed):

Description: A vulnerability was identified in Open5GS up to 2.7.6. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is a188e36b1741ffc2252133f59b1bda4f14d3cb5c. It is suggested to install a patch to address this issue.
Title: Open5GS NGAP PathSwitchRequest Message ngap-handler.c improper authentication
First Time appeared:
  Open5gs
  Open5gs open5gs
Weaknesses: CWE-287
CPEs: cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products:
  Open5gs
  Open5gs open5gs
References:
Metrics:
  cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}
  cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
  cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
  cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-31T00:30:10.718Z

Reserved: 2026-05-30T06:05:02.777Z

Link: CVE-2026-10157

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-31T02:16:32.613

Modified: 2026-05-31T02:16:32.613

Link: CVE-2026-10157

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-31T03:00:10Z
