CVE-2026-10565 - Vulnerability Details

- Open5GS NGAP Handover gmm-sm.c gmm_state_security_mode race condition

Description

A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.

Published: 2026-06-02

Score: 2.3 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Open5GS up to version 2.7.6 contains a race condition in the function gmm_state_security_mode of the NGAP handover component. A malicious actor can trigger the condition by sending crafted messages, leading to unpredictable behavior during handover. The bug is remote, the required complexity is high and the exploitation difficulty is considered difficult, yet an exploit has already been released to the public. The CVSS score of 2.3 indicates a low overall severity.

Affected Systems

The vulnerability affects the Open5GS project’s AMF component, specifically the gmm_state_security_mode routine. All installations using Open5GS versions up to and including 2.7.6 are susceptible; newer releases are not indicated as vulnerable.

Risk and Exploitability

With a CVSS score of 2.3 and no EPSS data available, the current risk is low, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack path requires remote delivery of a specially crafted NGAP handover request, and even though the public exploit exists, the complexity threshold keeps active exploitation unlikely at present. Continued monitoring for attempts and awaiting an official fix is advisable.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Open5GS

affected

Version	Status	Constraints
`2.7.0`	affected	—
`2.7.1`	affected	—
`2.7.2`	affected	—
`2.7.3`	affected	—
`2.7.4`	affected	—
`2.7.5`	affected	—
`2.7.6`	affected	—

No data.

Vendor Product Confidence Versions

Open5gs

95%

Version	Status	Scheme	Platform
`[2.7.0,2.7.6]`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check the Open5GS project website for a released patch or official announcement, and apply the update as soon as it is available.
Restrict access to the NGAP handover interface from uncontrolled networks to reduce the attack surface while a fix is pending.
Continuously monitor AMF logs and network traffic for abnormal handover activity and block any offending sources detected.

Generated by OpenCVE AI on June 2, 2026 at 03:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00041.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/open5gs/open5gs/
https://github.com/open5gs/open5gs/issues/4497
https://github.com/open5gs/open5gs/pull/4501
https://github.com/user-attachments/files/27111025/N2-SMC-Concurrent.zip
https://vuldb.com/cve/CVE-2026-10565
https://vuldb.com/submit/818938
https://vuldb.com/vuln/367672
https://vuldb.com/vuln/367672/cti

History

Tue, 02 Jun 2026 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 02 Jun 2026 02:30:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.
Title		Open5GS NGAP Handover gmm-sm.c gmm_state_security_mode race condition
First Time appeared		Open5gs Open5gs open5gs
Weaknesses		CWE-362
CPEs		cpe:2.3:a:open5gs:open5gs::::::::
Vendors & Products		Open5gs Open5gs open5gs
References		https://github.com/open5gs/open5gs/ https://github.com/open5gs/open5gs/issues/4497 https://github.com/open5gs/open5gs/pull/4501 https://github.com/user-attachments/files/27111025/N2-SMC-Concurrent.zip https://vuldb.com/cve/CVE-2026-10565 https://vuldb.com/submit/818938 https://vuldb.com/vuln/367672 https://vuldb.com/vuln/367672/cti
Metrics		cvssV2_0 `{'score': 2.1, 'vector': 'AV:N/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:C'}` cvssV3_0 `{'score': 3.1, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C'}` cvssV3_1 `{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C'}` cvssV4_0 `{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Open5gs Open5gs

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-06-02T01:30:09.909Z

Updated: 2026-06-02T12:22:53.847Z

Reserved: 2026-06-01T16:31:37.602Z

Link: CVE-2026-10565

Vulnrichment

Updated: 2026-06-02T12:22:47.504Z

NVD

Status : Deferred

Published: 2026-06-02T03:16:16.053

Modified: 2026-06-02T13:03:31.153

Link: CVE-2026-10565

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T03:30:26Z

Weaknesses

CWE-362

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object