Description
Ericsson
Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling
of Missing Values (CWE-230) vulnerability where an attacker continuously
sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
Published: 2026-06-05
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an Improper Handling of Missing Values that allows an attacker to send a specially crafted message repeatedly to an Ericsson Packet Core Gateway (PCG) system. Repeated attacks lead to service degradation or crashes, and the impact persists only while the attack continues; when the attacker stops, the system recovers automatically. The weakness is classified as CWE‑230 and results in a denial‑of‑service type of failure rather than a compromise of confidentiality or integrity.

Affected Systems

The affected product is Ericsson Packet Core Gateway (PCG) versions prior to 1.30. Any installation using a version older than 1.30 is vulnerable.

Risk and Exploitability

The CVSS base score of 7.1 indicates moderate to high severity. The EPSS score is currently unavailable, and the vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation yet. Inference shows that the likely attack vector is remote, over the network, by continuously injecting crafted messages into the PCG traffic flow. Since the system can recover after the attacker stops, the primary threat is sustained denial of service, making this a high operational risk for operators unable to mitigate traffic or update promptly.

Generated by OpenCVE AI on June 5, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Ericsson Packet Core Gateway patch to version 1.30 or later; this resolves the improper handling of missing values that leads to service degradation.
  • Validate incoming PCG messages or implement packet filtering rules to reject packets with missing or malformed fields before they reach the gateway logic.
  • Configure network traffic shaping or rate limiting on the PCG interfaces to reduce the impact of sustained crafted traffic and to provide an additional safety net until a fixed version is deployed.

Generated by OpenCVE AI on June 5, 2026 at 13:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Description Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
Title Ericsson Packet Core Gateway (PCG) - Improper handling of missing values Vulnerability
Weaknesses CWE-230
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: ERIC

Published:

Updated: 2026-06-05T11:08:39.929Z

Reserved: 2026-02-04T12:41:54.869Z

Link: CVE-2026-25659

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-05T12:16:38.050

Modified: 2026-06-05T12:16:38.050

Link: CVE-2026-25659

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T13:30:36Z

Weaknesses