Description
A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwc_s5c_handle_create_session_response of the component SGW-C. Executing a manipulation can lead to memory corruption. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-02-15
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption via Remote Session Response
Action: Immediate Patching
AI Analysis

Impact

A buffer overflow vulnerability exists in the SGW‑C component of Open5GS up to version 2.7.6, linked to the sgwc_s5c_handle_create_session_response function. This flaw can corrupt memory when the function processes crafted Create Session Response messages, potentially allowing an attacker to compromise the server process. The documented weakness is a classic out‑of‑bounds write (CWE‑119).

Affected Systems

The affected software is Open5GS, specifically the SGW‑C module in releases up to and including 2.7.6. No other vendors or product versions are mentioned. The CVE notes that the issue is present in all 2.7.x versions processed by this function.

Risk and Exploitability

The CVSS base score of 6.9 indicates moderate severity; the EPSS score is <1%, suggesting low but non‑zero likelihood of exploitation. Public proof‑of‑concept code is available, and the vulnerability can be triggered remotely, meaning that an attacker only needs network access to the SGW‑C interface. Because the exploit can corrupt memory, it can lead to loss of confidentiality, integrity, or availability of the SGW‑C process, and potentially escalation to other network elements.

Generated by OpenCVE AI on April 17, 2026 at 19:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open5GS to a version that incorporates the reported fix, or apply any official vendor patch once released.
  • If an upgrade is not immediately possible, restrict external access to the SGW‑C interfaces and enforce strict authentication to limit potential attackers.
  • Implement runtime monitoring of SGW‑C logs for anomalous Create Session Response handling and set up alerts for unexpected memory failure patterns.
  • Apply general memory protection practices such as enabling stack canaries, address space layout randomization (ASLR), and bounds checking in the build configuration if the source is available.

Advisories

No advisories yet.

History

Wed, 18 Feb 2026 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*

Tue, 17 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Open5gs, Open5gs open5gs
Vendors & Products Open5gs, Open5gs open5gs

Sun, 15 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwc_s5c_handle_create_session_response of the component SGW-C. Executing a manipulation can lead to memory corruption. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title Open5GS SGW-C sgwc_s5c_handle_create_session_response memory corruption
Weaknesses CWE-119
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T10:02:34.816Z

Reserved: 2026-02-15T08:36:09.388Z

Link: CVE-2026-2521

Vulnrichment

Updated: 2026-02-17T17:22:40.585Z

NVD

Status: Analyzed

Published: 2026-02-15T23:16:05.803

Modified: 2026-02-18T19:42:51.673

Link: CVE-2026-2521

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T19:30:15Z
