CVE-2026-2522 - Vulnerability Details

- Open5GS MME esm-build.c memory corruption

Description

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-02-15

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw resides in src/mme/esm-build.c in Open5GS versions up to 2.7.6. It allows an attacker to manipulate an unknown function that results in memory corruption, which could enable arbitrary code execution or service disruption and affect the confidentiality, integrity, or availability of the 5G core network. The weakness is classified as CWE-119, a classic buffer access or manipulation vulnerability.

Affected Systems

Vendors: Open5GS. Product: the MME component of the Open5GS 5G core network. Versions up to and including 2.7.6 are affected; no patch has been released yet.

Risk and Exploitability

CVSS score 6.9 indicates moderate severity. The EPSS score is less than 1%, suggesting a low exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote; an attacker would need to send specially crafted traffic to the MME service to trigger the memory corruption. Because the flaw remains unpatched, systems that expose the MME to external networks face higher risk and should monitor for suspicious activities while awaiting a fix.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Open5GS

affected

Version	Status	Constraints
`2.7.0`	affected	—
`2.7.1`	affected	—
`2.7.2`	affected	—
`2.7.3`	affected	—
`2.7.4`	affected	—
`2.7.5`	affected	—
`2.7.6`	affected	—

Configuration 1 [-]

cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Open5gs

—

Version	Status	Scheme	Platform
`2.7.0`	affected	semver	—
`2.7.1`	affected	semver	—
`2.7.2`	affected	semver	—
`2.7.3`	affected	semver	—
`2.7.4`	affected	semver	—
`2.7.5`	affected	semver	—
`2.7.6`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check for and install the latest Open5GS release that includes a fix for the memory corruption in esm-build.c, or apply a vendor‑supplied patch if one becomes available.
If no fix exists yet, isolate the MME service from untrusted external traffic by configuring firewall rules or network segmentation so that only trusted nodes can reach the MME endpoint.
Enable detailed logging and real‑time monitoring for the MME component, and consider deploying mandatory access control mechanisms such as SELinux or AppArmor to contain any potential compromise.

Generated by OpenCVE AI on April 17, 2026 at 19:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00113.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/open5gs/open5gs/
https://github.com/open5gs/open5gs/issues/4283
https://github.com/open5gs/open5gs/issues/4283#issue-3807916595
https://vuldb.com/?ctiid.346110
https://vuldb.com/?id.346110
https://vuldb.com/?submit.738336

History

Wed, 18 Feb 2026 19:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:open5gs:open5gs::::::::

Tue, 17 Feb 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 16 Feb 2026 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Open5gs Open5gs open5gs
Vendors & Products		Open5gs Open5gs open5gs

Sun, 15 Feb 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description		A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title		Open5GS MME esm-build.c memory corruption
Weaknesses		CWE-119
References		https://github.com/open5gs/open5gs/ https://github.com/open5gs/open5gs/issues/4283 https://github.com/open5gs/open5gs/issues/4283#issue-3807916595 https://vuldb.com/?ctiid.346110 https://vuldb.com/?id.346110 https://vuldb.com/?submit.738336
Metrics		cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Open5gs Open5gs

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-15T23:32:06.700Z

Updated: 2026-02-23T10:02:47.219Z

Reserved: 2026-02-15T08:38:26.971Z

Link: CVE-2026-2522

Vulnrichment

Updated: 2026-02-17T17:22:10.457Z

NVD

Status : Analyzed

Published: 2026-02-16T00:16:07.550

Modified: 2026-02-18T19:42:15.990

Link: CVE-2026-2522

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T19:30:15Z

Weaknesses

CWE-119

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object