CVE-2026-7587 - Vulnerability Details

- Open5GS AMF nsmf-handler.c amf_nsmf_pdusession_handle_update_sm_context denial of service

Description

A vulnerability has been found in Open5GS up to 2.7.7. This vulnerability affects the function amf_nsmf_pdusession_handle_update_sm_context of the file /src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-05-01

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the AMF component of Open5GS permits an attacker to provide crafted input to the amf_nsmf_pdusession_handle_update_sm_context function, causing the AMF process to become unresponsive. The weakness is classified as CWE-404, a missing resource handling issue, leading directly to a loss of service availability for users depending on the 5G core network controls.

Affected Systems

The vulnerability affects Open5GS deployments up through version 2.7.7. Any installation of Open5GS with the AMF module exposed to external networks may be impacted. The affected product is the Open5GS AMF service; exact subcomponent is the nsmf-handler.c file within the AMF module.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity denial‑of‑service condition. EPSS data is unavailable, so the exact likelihood of exploitation cannot be quantified; however, because the vulnerability can be triggered remotely, the attack surface remains high. The issue is not documented in CISA’s KEV catalog, suggesting no known active exploit kits yet, but the public disclosure and lack of vendor response raise concerns that attackers could craft custom attacks.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Open5GS

affected

Version	Status	Constraints
`2.7.0`	affected	—
`2.7.1`	affected	—
`2.7.2`	affected	—
`2.7.3`	affected	—
`2.7.4`	affected	—
`2.7.5`	affected	—
`2.7.6`	affected	—
`2.7.7`	affected	—

No data.

Vendor Product Confidence Versions

Open5gs

95%

Version	Status	Scheme	Platform
`2.7.0`	affected	semver	—
`2.7.1`	affected	semver	—
`2.7.2`	affected	semver	—
`2.7.3`	affected	semver	—
`2.7.4`	affected	semver	—
`2.7.5`	affected	semver	—
`2.7.6`	affected	semver	—
`2.7.7`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Open5GS to a released version that contains the AMF patch, such as 2.8 or later, to eliminate the denial‑of‑service trigger.
Restrict network access to the AMF service by applying firewall rules or network segmentation, limiting remote entities that can reach the amf_nsmf_pdusession_handle_update_sm_context endpoint.
Deploy monitoring on AMF logs and metrics to detect anomalous update‑session requests and respond to potential denial‑of‑service attempts proactively.

Generated by OpenCVE AI on May 1, 2026 at 22:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00039.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/open5gs/open5gs/
https://github.com/open5gs/open5gs/issues/4408
https://vuldb.com/submit/804339
https://vuldb.com/vuln/360540
https://vuldb.com/vuln/360540/cti

History

Fri, 01 May 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 01 May 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been found in Open5GS up to 2.7.7. This vulnerability affects the function amf_nsmf_pdusession_handle_update_sm_context of the file /src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title		Open5GS AMF nsmf-handler.c amf_nsmf_pdusession_handle_update_sm_context denial of service
First Time appeared		Open5gs Open5gs open5gs
Weaknesses		CWE-404
CPEs		cpe:2.3:a:open5gs:open5gs::::::::
Vendors & Products		Open5gs Open5gs open5gs
References		https://github.com/open5gs/open5gs/ https://github.com/open5gs/open5gs/issues/4408 https://vuldb.com/submit/804339 https://vuldb.com/vuln/360540 https://vuldb.com/vuln/360540/cti
Metrics		cvssV2_0 `{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Open5gs Open5gs

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-01T16:45:09.996Z

Updated: 2026-05-01T19:30:13.093Z

Reserved: 2026-05-01T09:28:17.486Z

Link: CVE-2026-7587

Vulnrichment

Updated: 2026-05-01T19:30:00.871Z

NVD

Status : Awaiting Analysis

Published: 2026-05-01T17:16:25.633

Modified: 2026-05-01T20:22:29.633

Link: CVE-2026-7587

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T23:00:14Z

Weaknesses

CWE-404

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object