Description
A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udm_nudr_dr_handle_subscription_authentication of the file /src/udm/nudr-handler.c of the component authentication-subscription Endpoint. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-04
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the authentication‑subscription Endpoint of Open5GS (udm_nudr_dr_handle_subscription_authentication) enables an attacker to trigger a denial of service by sending a crafted request. The vulnerability is exploitable remotely and an exploit has already been released to the public.

Affected Systems

All Open5GS deployments up to version 2.7.7 are affected, specifically the implementation in src/udm/nudr-handler.c that processes subscription authentication requests.

Risk and Exploitability

The CVSS score of 5.3 places the issue in the Medium severity range, and no EPSS score is available. The attack is remote and an exploit is publicly available, which raises the likelihood that vulnerable systems could be targeted. The vulnerability is not currently listed in CISA KEV, but the potential for service disruption remains significant.

Generated by OpenCVE AI on May 4, 2026 at 22:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Open5GS version 2.8 or later where the fault in udm_nudr_dr_handle_subscription_authentication has been corrected.
  • If an upgrade is not immediately possible, restrict inbound traffic to the authentication‑subscription endpoint using firewall rules or VLAN segmentation to limit exposure to trusted networks.
  • Apply temporary mitigation by disabling or limiting the authentication‑subscription endpoint through configuration changes until the vendor releases a patch.
  • Continuously monitor authentication logs for abnormal or repeated requests that may indicate exploitation attempts and react by throttling or blocking offending IPs.

Advisories

No advisories yet.

History

Mon, 04 May 2026 21:00:00 +0000

Type Values Removed Values Added
Description: A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udm_nudr_dr_handle_subscription_authentication of the file /src/udm/nudr-handler.c of the component authentication-subscription Endpoint. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title: Open5GS authentication-subscription Endpoint nudr-handler.c udm_nudr_dr_handle_subscription_authentication denial of service
First Time appeared: Open5gs; Open5gs open5gs
Weaknesses: CWE-404
CPEs: cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products: Open5gs; Open5gs open5gs
References
Metrics:
cvssV2_0: {'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}
cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}
cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-04T20:30:14.589Z

Reserved: 2026-05-04T15:50:14.414Z

Link: CVE-2026-7779

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-04T21:16:33.080

Modified: 2026-05-04T21:16:33.080

Link: CVE-2026-7779

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T23:00:09Z

Weaknesses