Description
A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a manipulation of the argument ipv4Addr can lead to denial of service. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-01
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A bug in the BSF component of Open5GS allows an attacker to cause a denial of service by sending a crafted ipv4Addr value to the bsf_sess_add_by_ip_address function. The vulnerability resides in the way the input is handled, leading to a crash or resource exhaustion. It represents a missing input validation weakness classified as CWE-404. An attacker who can send requests to the BSF management endpoint can exploit this flaw to interrupt service availability for the affected node.

Affected Systems

Open5GS (vendor Open5GS), all versions up to and including 2.7.7, is affected. No other vendors or products are listed.

Risk and Exploitability

The CVSS score of 6.9 indicates a medium severity. The EPSS score is not available, and the flaw is not listed in the CISA KEV catalog. The attack can be launched remotely via the BSF management interface, and a public exploit has been disclosed. An attacker who can reach the exposed endpoint could repeatedly trigger the bug, leading to sustained denial of service until the system is restarted or patched.

Generated by OpenCVE AI on May 1, 2026 at 04:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open5GS to a patched release that addresses the BSF input validation issue (e.g., 2.8 or later).
  • If no patch is available immediately, apply a local code change or vendor-supplied snippet that validates ipv4Addr before passing it to bsf_sess_add_by_ip_address.
  • Restrict external access to the /nbsf-management/v1/pcfBindings endpoint, allowing only trusted hosts or VPN connections.
  • Monitor logs for unexpected crashes or repeated requests to the endpoint.


Tracking


Advisories

No advisories yet.

History

Fri, 01 May 2026 02:00:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a manipulation of the argument ipv4Addr can lead to denial of service. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Title | | Open5GS BSF pcfBindings bsf_sess_add_by_ip_address denial of service
First Time appeared | | Open5gs; Open5gs open5gs
Weaknesses | | CWE-404
CPEs | | cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products | | Open5gs; Open5gs open5gs
References | |
Metrics | | cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-01T01:15:11.824Z

Reserved: 2026-04-30T18:17:36.611Z

Link: CVE-2026-7536

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-01T02:16:04.347

Modified: 2026-05-01T02:16:04.347

Link: CVE-2026-7536

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T04:45:08Z

Weaknesses