Description
A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been released to the public and may be used for attacks.
Published: 2026-03-27
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Immediately
AI Analysis

Impact

The vulnerability resides in the CCA Message Handler component of Open5GS, specifically the smf_gx_cca_cb, smf_gy_cca_cb, and smf_s6b functions. A malformed or unauthorized message can trigger a crash of the SMF module, leading to a denial of service for traffic routed through that component. The flaw can be invoked remotely, although it requires a sophisticated attack scenario and is considered difficult to exploit. If successfully exploited, the attacker can interrupt service availability to subscribed users, disrupting connectivity in a mobile networking environment.

Affected Systems

Open5GS version 2.7.6 is affected. No other versions are listed in the CNA data, so the risk window is limited to installations of this particular release.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity, while the EPSS value of less than 1% suggests a low likelihood of widespread exploitation at present. The vulnerability is not included in the CISA KEV catalog. The exploit has been released publicly, and attacks of this nature are highly complex. Accounting for the remote attack vector and the need for targeted credentials or configuration, the overall risk remains moderate to high for systems running the vulnerable Open5GS release.

Generated by OpenCVE AI on March 30, 2026 at 18:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Open5GS patch that addresses the CCA Message Handler crash issue
  • Verify that the smf component has been updated to the fixed version
  • Restart the Open5GS services to load the new code
  • If a patch is unavailable, restrict external access to the SMF interfaces via network segmentation or firewall rules


Advisories

No advisories yet.

History

Mon, 30 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 30 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:open5gs:open5gs:2.7.6:*:*:*:*:*:*:*

Sat, 28 Mar 2026 03:15:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been released to the public and may be used for attacks.
Title Open5GS CCA Message smf_s6b denial of service
First Time appeared Open5gs
Open5gs open5gs
Weaknesses CWE-404
CPEs cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products Open5gs
Open5gs open5gs
References
Metrics cvssV2_0

{'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-30T17:42:11.269Z

Reserved: 2026-03-27T12:55:11.605Z

Link: CVE-2026-4988

Vulnrichment

Updated: 2026-03-30T17:42:05.016Z

NVD

Status: Analyzed

Published: 2026-03-27T22:16:23.533

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-4988

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T20:56:59Z

Weaknesses