Description
A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function udr_nudr_dr_handle_subscription_context of the file /src/udr/nudr-handler.c of the component UDR. The manipulation of the argument pei results in denial of service. The attack can be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-03
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in Open5GS version 2.7.7 and earlier affects the UDR component's udr_nudr_dr_handle_subscription_context function. By manipulating the pei argument, an attacker can cause a denial of service. The flaw can be exploited remotely and the exploit is publicly available.

Affected Systems

Affected systems are Open5GS deployments running versions up to 2.7.7. The issue resides in the UDR module, located in src/udr/nudr-handler.c. No patch has been publicly released, and the project has not yet responded to the issue report.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. EPSS is not available, and the vulnerability is not listed in CISA KEV. However, the public nature of the exploit and the ability to launch the attack from a remote source raise the practical risk. Organizations should treat this as a potential DoS threat until an official fix or workaround is provided.

Generated by OpenCVE AI on May 3, 2026 at 23:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Monitor vendor releases for a security fix and apply updates when available.
  • Restrict network traffic to the UDR component using firewall rules and apply rate limiting on subscription context requests to mitigate DoS attempts.
  • Enable logging for subscription request handling and set alerts for abnormal request patterns or repeated failures, which may indicate an attempted DoS attack.


Advisories

No advisories yet.

History

Sun, 03 May 2026 22:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function udr_nudr_dr_handle_subscription_context of the file /src/udr/nudr-handler.c of the component UDR. The manipulation of the argument pei results in denial of service. The attack can be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Title Open5GS UDR nudr-handler.c udr_nudr_dr_handle_subscription_context denial of service
First Time appeared Open5gs
Open5gs open5gs
Weaknesses CWE-404
CPEs cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products Open5gs
Open5gs open5gs
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-03T22:30:12.651Z

Reserved: 2026-05-03T07:21:51.531Z

Link: CVE-2026-7707

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-03T23:16:42.027

Modified: 2026-05-03T23:16:42.027

Link: CVE-2026-7707

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T00:00:13Z

Weaknesses