CVE-2026-7518 - Vulnerability Details

- Open5GS AMF SBI Endpoint sdmsubscription-notify amf_namf_callback_handle_sdm_data_change_notify denial of service

Description

A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amf_namf_callback_handle_sdm_data_change_notify of the file /namf-callback/v1/{id}/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-05-01

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the amf_namf_callback_handle_sdm_data_change_notify function of the Open5GS AMF SBI Endpoint. Manipulating the changeItem.newValue parameter can cause a denial of service to the AMF service. The attack can be started remotely and published exploits exist. The effect is a disruption of the 5G network core component, leading to service unavailability for users relying on that service.

Affected Systems

All Open5GS deployments that use the AMF SBI Endpoint and are running version 2.7.7 or earlier are affected. The flaw appears through the /namf-callback/v1/{id}/sdmsubscription-notify endpoint.

Risk and Exploitability

The CVSS score is 5.3 indicating a moderate risk. The EPSS score is less than 1% but an exploit has already been published and can be executed remotely. The vulnerability is not listed in the CISA KEV catalog, so there is no official warning yet. Based on the description, it is inferred that an attacker with network access to the AMF endpoint could repeatedly probe the service and trigger a denial of service until the system is patched or protected.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Open5GS

affected

Version	Status	Constraints
`2.7.0`	affected	—
`2.7.1`	affected	—
`2.7.2`	affected	—
`2.7.3`	affected	—
`2.7.4`	affected	—
`2.7.5`	affected	—
`2.7.6`	affected	—
`2.7.7`	affected	—

No data.

Vendor Product Confidence Versions

Open5gs

95%

Version	Status	Scheme	Platform
`2.7.0`	affected	semver	—
`2.7.1`	affected	semver	—
`2.7.2`	affected	semver	—
`2.7.3`	affected	semver	—
`2.7.4`	affected	semver	—
`2.7.5`	affected	semver	—
`2.7.6`	affected	semver	—
`2.7.7`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply any vendor patch or upgrade to the newest Open5GS release that contains the fix for the AMF SBI Endpoint flaw.
If a patch is not yet released, restrict access to the /namf-callback endpoint by applying firewall rules or network segmentation so only trusted nodes can reach it.
Monitor AMF logs for unexpected changeItem.newValue requests and alert on repeated patterns that may indicate exploitation attempts.

Generated by OpenCVE AI on May 2, 2026 at 07:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/open5gs/open5gs/
https://github.com/open5gs/open5gs/issues/4395
https://vuldb.com/submit/804023
https://vuldb.com/vuln/360332
https://vuldb.com/vuln/360332/cti

History

Fri, 01 May 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 01 May 2026 01:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw has been found in Open5GS up to 2.7.7. This issue affects the function amf_namf_callback_handle_sdm_data_change_notify of the file /namf-callback/v1/{id}/sdmsubscription-notify of the component AMF SBI Endpoint. This manipulation of the argument changeItem.newValue causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title		Open5GS AMF SBI Endpoint sdmsubscription-notify amf_namf_callback_handle_sdm_data_change_notify denial of service
First Time appeared		Open5gs Open5gs open5gs
Weaknesses		CWE-404
CPEs		cpe:2.3:a:open5gs:open5gs::::::::
Vendors & Products		Open5gs Open5gs open5gs
References		https://github.com/open5gs/open5gs/ https://github.com/open5gs/open5gs/issues/4395 https://vuldb.com/submit/804023 https://vuldb.com/vuln/360332 https://vuldb.com/vuln/360332/cti
Metrics		cvssV2_0 `{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Open5gs Open5gs

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-01T00:30:11.710Z

Updated: 2026-05-01T21:25:39.233Z

Reserved: 2026-04-30T16:26:06.204Z

Link: CVE-2026-7518

Vulnrichment

Updated: 2026-05-01T21:25:35.301Z

NVD

Status : Deferred

Published: 2026-05-01T01:16:17.307

Modified: 2026-05-01T15:26:24.553

Link: CVE-2026-7518

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T08:00:14Z

Weaknesses

CWE-404

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object