CVE-2026-1521 - Vulnerability Details

- Open5GS SGWC s5c-handler.c denial of service

Description

A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_bearer_resource_failure_indication of the file src/sgwc/s5c-handler.c of the component SGWC. Performing a manipulation results in denial of service. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The patch is named 69b53add90a9479d7960b822fc60601d659c328b. It is recommended to apply a patch to fix this issue.

Published: 2026-01-28

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

This vulnerability resides in the SGWC component’s sgwc_s5c_handle_bearer_resource_failure_indication function in Open5GS up to version 2.7.6. By sending a crafted Bearer Resource Failure Indication message, an attacker can trigger a denial of service that halts the SGWC process. The flaw can be initiated remotely and the exploit is publicly available, allowing a malicious actor to shut down Open5GS services and disrupt connectivity for connected eNodeBs and user equipment.

Affected Systems

Affected systems are Open5GS deployments running any version up to and including 2.7.6. The vulnerability is specific to the SGWC module, which manages control‑plane communication between the Serving Gateway and the MME. All standard releases within this range are vulnerable unless patched.

Risk and Exploitability

The CVSS score of 6.9 reflects a moderate severity denial of service. The EPSS score below 1% indicates a low likelihood of mass exploitation at present, and the vulnerability is not listed in CISA’s KEV catalog. Nevertheless, the remote attack vector and public availability of the exploit mean that a network exposed to potential adversaries could be targeted. Because the flaw causes a process crash, affected systems will continue to be unavailable until a reboot or patch is applied, making it a high‑priority issue for mission‑critical environments.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Open5GS

affected

Version	Status	Constraints
`2.7.0`	affected	—
`2.7.1`	affected	—
`2.7.2`	affected	—
`2.7.3`	affected	—
`2.7.4`	affected	—
`2.7.5`	affected	—
`2.7.6`	affected	—

Configuration 1 [-]

cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Open5gs	Open5gs	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the official patch from commit 69b53add90a9479d7960b822fc60601d659c328b to your Open5GS installation.
Upgrade to a version newer than 2.7.6 where the issue is fixed.
Verify that SGWC services are only reachable from authorized networks and restrict unnecessary remote access.

Generated by OpenCVE AI on April 18, 2026 at 01:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00097.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/open5gs/open5gs/
https://github.com/open5gs/open5gs/commit/69b53add90a9479d7960b822fc60601d659c328b
https://github.com/open5gs/open5gs/issues/4268
https://github.com/open5gs/open5gs/issues/4268#event-21989483261
https://github.com/open5gs/open5gs/issues/4268#issue-3795012861
https://vuldb.com/?ctiid.343192
https://vuldb.com/?id.343192
https://vuldb.com/?submit.738370

History

Mon, 23 Feb 2026 09:15:00 +0000

Type	Values Removed	Values Added
References		https://github.com/open5gs/open5gs/

Mon, 02 Feb 2026 19:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:open5gs:open5gs::::::::

Thu, 29 Jan 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Open5gs Open5gs open5gs
Vendors & Products		Open5gs Open5gs open5gs

Wed, 28 Jan 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 28 Jan 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_bearer_resource_failure_indication of the file src/sgwc/s5c-handler.c of the component SGWC. Performing a manipulation results in denial of service. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The patch is named 69b53add90a9479d7960b822fc60601d659c328b. It is recommended to apply a patch to fix this issue.
Title		Open5GS SGWC s5c-handler.c denial of service
Weaknesses		CWE-404
References		https://github.com/open5gs/open5gs/commit/69b53add90a9479d7960b822fc60601d659c328b https://github.com/open5gs/open5gs/issues/4268 https://github.com/open5gs/open5gs/issues/4268#event-21989483261 https://github.com/open5gs/open5gs/issues/4268#issue-3795012861 https://vuldb.com/?ctiid.343192 https://vuldb.com/?id.343192 https://vuldb.com/?submit.738370
Metrics		cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}` cvssV3_0 `{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}` cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Open5gs Open5gs

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-01-28T14:32:10.348Z

Updated: 2026-02-23T09:00:17.635Z

Reserved: 2026-01-28T10:11:36.410Z

Link: CVE-2026-1521

Vulnrichment

Updated: 2026-01-28T16:11:17.484Z

NVD

Status : Modified

Published: 2026-01-28T15:16:17.493

Modified: 2026-02-23T09:16:56.800

Link: CVE-2026-1521

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T01:45:33Z

Weaknesses

CWE-404

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object