Description
A weakness has been identified in Open5GS up to 2.7.7. Affected is the function ogs_id_get_value of the file /src/amf/nudm-handler.c of the component AMF. This manipulation causes denial of service. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-01
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Open5GS allows an attacker to trigger a denial of service by manipulating the ogs_id_get_value function in nudm-handler.c. The weakness, classified as CWE-404, can be exploited remotely; a public exploit is already available. The flaw leads to a server crash, interrupting service availability for users dependent on the AMF component.

Affected Systems

The vulnerability affects the Open5GS project, specifically its AMF component. Versions up to and including 2.7.7 are listed as affected. No other product or version information is provided.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Because remote exploitation is feasible and a known public exploit exists, the risk of service disruption remains significant for environments running the affected Open5GS versions.

Generated by OpenCVE AI on May 1, 2026 at 22:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Open5GS project for a newer release that addresses the bug. Packages with the fix should be installed as soon as they are available.
  • If an updated release is not yet available, restrict external access to the AMF interface (e.g., firewall rules or NAT) to mitigate the ability of unauthenticated attackers to reach the vulnerable endpoint.
  • Consider implementing additional request throttling or session limits on the AMF service to reduce the impact of a DoS attempt until a proper patch can be applied.

Generated by OpenCVE AI on May 1, 2026 at 22:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 01 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in Open5GS up to 2.7.7. Affected is the function ogs_id_get_value of the file /src/amf/nudm-handler.c of the component AMF. This manipulation causes denial of service. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title Open5GS AMF nudm-handler.c ogs_id_get_value denial of service
First Time appeared Open5gs
Open5gs open5gs
Weaknesses CWE-404
CPEs cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products Open5gs
Open5gs open5gs
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:C'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Open5gs Open5gs
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-01T16:00:12.356Z

Reserved: 2026-05-01T08:44:23.137Z

Link: CVE-2026-7586

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-01T16:16:33.677

Modified: 2026-05-01T20:22:29.633

Link: CVE-2026-7586

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T23:00:14Z

Weaknesses