Description
A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udm_state_operational of the file /src/udm/udm-sm.c of the component smf-registrations Endpoint. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-04
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the udm_state_operational function of Open5GS’s smf-registrations endpoint allows a remote attacker to manipulate the service and trigger a denial of service. The vulnerability is an instance of CWE-404, where improper resource shutdown or release can lead to loss of service availability. When exploited, the server becomes unable to process legitimate requests for the endpoint, disrupting network functions that rely on it.

Affected Systems

Open5GS versions up to and including 2.7.7 are affected. The flaw exists in the smf-registrations endpoint handled by udm_state_operational in the udm-sm.c source file.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity. The exploit is available publicly and can be launched remotely against the endpoint, though the EPSS score is not reported. The vulnerability is not listed in CISA KEV, but because the code is exposed over the network, a malicious actor could deploy the known exploit to interrupt service. The risk is heightened for environments where the smf-registrations endpoint is accessible from untrusted networks.

Generated by OpenCVE AI on May 4, 2026 at 23:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Open5GS to a version newer than 2.7.7 once the vendor releases a patch
  • If an upgrade cannot be performed immediately, restrict or block access to the smf-registrations endpoint using firewall or ACL rules
  • Configure rate limiting and monitor traffic on the endpoint to detect and mitigate sudden spikes or malicious access patterns



Advisories

No advisories yet.

History

Mon, 04 May 2026 22:15:00 +0000

Values Removed: (none)
Values Added:
  Description: A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udm_state_operational of the file /src/udm/udm-sm.c of the component smf-registrations Endpoint. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
  Title: Open5GS smf-registrations Endpoint udm-sm.c udm_state_operational denial of service
  First Time appeared: Open5gs; Open5gs open5gs
  Weaknesses: CWE-404
  CPEs: cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
  Vendors & Products: Open5gs; Open5gs open5gs
  References:
  Metrics:
    cvssV2_0: {'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}
    cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}
    cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}
    cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-04T22:00:12.861Z

Reserved: 2026-05-04T15:50:19.524Z

Link: CVE-2026-7780

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-04T22:16:20.493

Modified: 2026-05-04T22:16:20.493

Link: CVE-2026-7780

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T00:00:09Z

Weaknesses