Description
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long as the attack persists, but the system recovers from the crashes when the attack stops.
Published: 2026-06-05
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper handling of missing values that allows an attacker to send a specially crafted message to the Ericsson Packet Core Gateway; continuous sends cause the gateway to degrade service temporarily. While the gateway does not crash permanently, the interruption persists as long as the malicious traffic continues, resulting in degraded performance for legitimate traffic.

Affected Systems

Vulnerable versions are all releases of Ericsson Packet Core Gateway earlier than 1.30. Organizations using those versions should verify their deployment and plan to update to 1.30 or later. No specific patch details are publicly listed, but the vendor indicates that versions below 1.30 are affected.

Risk and Exploitability

The CVSS score of 7.1 classifies this as a high-severity issue. Although EPSS data is missing, attackers may still be able to monetize continuous service disruption. The vulnerability is not currently listed in the CISA KEV catalog, suggesting it has not been widely exploited yet. Attackers would need to repeatedly send crafted traffic over the network to the PCG; the likely vector is the external radio access network interface, which implies that network-level access is enough to trigger degradation.

Generated by OpenCVE AI on June 5, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Ericsson Packet Core Gateway version 1.30 or later to eliminate the flaw
  • Implement network monitoring to detect abnormal message rates targeting the PCG
  • Apply rate limiting or traffic shaping to mitigate continuous crafted message flooding

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 11:45:00 +0000

Type | Values Removed | Values Added
Description | | Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long as the attack persists, but the system recovers from the crashes when the attack stops.
Title | | Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability
Weaknesses | | CWE-230
References | |
Metrics | | cvssV4_0 {'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: ERIC

Published:

Updated: 2026-06-05T11:06:27.504Z

Reserved: 2026-02-04T12:41:54.869Z

Link: CVE-2026-25658

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-05T12:16:37.907

Modified: 2026-06-05T12:16:37.907

Link: CVE-2026-25658

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T12:30:40Z
