Description
A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function gmm_handle_service_request of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-03
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw occurs in the gmm_handle_service_request function of Open5GS's AMF module and allows an attacker to send manipulated service requests that cause the process to crash, resulting in a denial of service. The vulnerability is triggered by remote network traffic, and the exploit has already been publicly disclosed.

Affected Systems

Open5GS deployments running version 2.7.7 or earlier are affected. The impact is limited to the AMF component within the Open5GS software stack.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. EPSS data is unavailable and the vulnerability is not listed in CISA KEV. The attack vector is remote, and the public disclosure makes it accessible to adversaries. Although no active exploit has been observed, the denial of service can disrupt critical network services.

Generated by OpenCVE AI on May 3, 2026 at 23:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Open5GS to a version that includes the fix for CVE-2026-7706.
  • Limit access to the AMF interface through firewalls or access-control lists to reduce exposure to remote attackers.
  • Implement monitoring of AMF logs for repeated or malformed service requests and configure automated alerts or service restarts when thresholds are exceeded.

Generated by OpenCVE AI on May 3, 2026 at 23:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 03 May 2026 22:30:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function gmm_handle_service_request of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title Open5GS AMF gmm-handler.c gmm_handle_service_request denial of service
First Time appeared Open5gs
Open5gs open5gs
Weaknesses CWE-404
CPEs cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products Open5gs
Open5gs open5gs
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Open5gs Open5gs
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-03T22:15:11.110Z

Reserved: 2026-05-03T07:21:48.076Z

Link: CVE-2026-7706

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-03T23:16:41.850

Modified: 2026-05-03T23:16:41.850

Link: CVE-2026-7706

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-03T23:30:31Z

Weaknesses