CVE-2026-7585 - Vulnerability Details

- Open5GS AMF nudm-handler.c amf_nudm_sdm_handle_provisioned denial of service

Description

A vulnerability was determined in Open5GS up to 2.7.7. The impacted element is the function amf_nudm_sdm_handle_provisioned of the file /src/amf/nudm-handler.c of the component AMF. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-05-01

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A bug in the Open5GS access‑management function amf_nudm_sdm_handle_provisioned in nudm-handler.c allows an attacker to trigger a crash of the AMF service, resulting in a denial of service. The flaw is a resource handling error identified as CWE‑404. When exploitable input is processed, the AMF component restarts and becomes temporarily unavailable, which interrupts all 5G network services that rely on AMF messaging. This loss of availability is the primary effect noted in the advisory.

Affected Systems

The vulnerability affects Open5GS releases through version 2.7.7. All users running Linux builds of Open5GS that include the AMF component are impacted, while newer releases beyond 2.7.7 are not mentioned as affected.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium severity level. No EPSS score is published, but the advisory states the exploit is publicly disclosed and can be launched remotely, suggesting a realistic risk in environments exposing the AMF endpoint. The vulnerability is not listed in CISA’s KEV catalog, so it has not yet attracted mass exploitation campaigns, yet the remote nature and lack of a patch response create a tangible risk for operators who expose AMF traffic to untrusted networks.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Open5GS

affected

Version	Status	Constraints
`2.7.0`	affected	—
`2.7.1`	affected	—
`2.7.2`	affected	—
`2.7.3`	affected	—
`2.7.4`	affected	—
`2.7.5`	affected	—
`2.7.6`	affected	—
`2.7.7`	affected	—

No data.

Vendor Product Confidence Versions

Open5gs

95%

Version	Status	Scheme	Platform
`2.7.0`	affected	semver	—
`2.7.1`	affected	semver	—
`2.7.2`	affected	semver	—
`2.7.3`	affected	semver	—
`2.7.4`	affected	semver	—
`2.7.5`	affected	semver	—
`2.7.6`	affected	semver	—
`2.7.7`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Open5GS patch or upgrade to a version beyond 2.7.7, which removes the vulnerability in amf_nudm_sdm_handle_provisioned.
Restrict external access to the AMF component by firewalling or placing it behind an intranet gateway to limit remote exploitation vectors.
Enable detailed logging for AMF requests and monitor logs for abnormal or repeated UDM provisioning calls that could indicate an attempted denial‑of‑service attack.

Generated by OpenCVE AI on May 1, 2026 at 22:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00057.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/open5gs/open5gs/
https://github.com/open5gs/open5gs/issues/4403
https://vuldb.com/submit/804334
https://vuldb.com/submit/804335
https://vuldb.com/submit/804337
https://vuldb.com/vuln/360533
https://vuldb.com/vuln/360533/cti

History

Fri, 01 May 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 01 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was determined in Open5GS up to 2.7.7. The impacted element is the function amf_nudm_sdm_handle_provisioned of the file /src/amf/nudm-handler.c of the component AMF. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Title		Open5GS AMF nudm-handler.c amf_nudm_sdm_handle_provisioned denial of service
First Time appeared		Open5gs Open5gs open5gs
Weaknesses		CWE-404
CPEs		cpe:2.3:a:open5gs:open5gs::::::::
Vendors & Products		Open5gs Open5gs open5gs
References		https://github.com/open5gs/open5gs/ https://github.com/open5gs/open5gs/issues/4403 https://vuldb.com/submit/804334 https://vuldb.com/submit/804335 https://vuldb.com/submit/804337 https://vuldb.com/vuln/360533 https://vuldb.com/vuln/360533/cti
Metrics		cvssV2_0 `{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Open5gs Open5gs

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-01T15:15:11.088Z

Updated: 2026-05-01T17:50:33.617Z

Reserved: 2026-05-01T08:07:13.572Z

Link: CVE-2026-7585

Vulnrichment

Updated: 2026-05-01T17:50:25.314Z

NVD

Status : Awaiting Analysis

Published: 2026-05-01T16:16:33.490

Modified: 2026-05-01T20:22:29.633

Link: CVE-2026-7585

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T23:00:14Z

Weaknesses

CWE-404

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object