Description
A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udm_nudm_uecm_handle_amf_registration_update of the file /src/udm/nudm-handler.c of the component amf-3gpp-access Endpoint. The manipulation leads to denial of service. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-04
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Open5GS allows remote attackers to trigger a crash by sending crafted data to the udm_nudm_uecm_handle_amf_registration_update function in the amf‑3gpp‑access endpoint. The flaw arises from improper handling of input, which is classified as CWE‑404 (Improper Resource Shutdown or Release). Exploitation results in denial of service for the affected component and potentially for the entire network slice managed by that instance. The existing exploit code is publicly available and does not require privileged access.

Affected Systems

Affected systems are installations of Open5GS version 2.7.7 or earlier. The flaw resides in the /src/udm/nudm-handler.c file. No other vendors or products are impacted. According to the maintainer's issue tracker, no official Open5GS release that addresses this issue has been published yet.

Risk and Exploitability

With a CVSS score of 5.3 the vulnerability is of moderate severity. No EPSS data is available and the flaw is not listed in the CISA KEV catalog. Because the exploitation can be performed over the network, an attacker who can reach the amf‑3gpp‑access endpoint can trigger the crash remotely. Until an official fix is released, the exposure remains and an attacker can repeatedly send malicious requests to bring the service down.

Generated by OpenCVE AI on May 4, 2026 at 23:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Open5GS GitHub repository and release notes for a patched version that removes the udm_nudm_uecm_handle_amf_registration_update flaw; upgrade to that version when available.
  • Restrict network access to the amf‑3gpp‑access endpoint by applying firewall rules or VPN segmentation to limit which hosts can query the endpoint.
  • Monitor system logs for repeated failed registration update requests and set up alerting to detect potential attack attempts.

Advisories

No advisories yet.

History

Mon, 04 May 2026 22:45:00 +0000

Values added (nothing was removed in this change):

Description: A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udm_nudm_uecm_handle_amf_registration_update of the file /src/udm/nudm-handler.c of the component amf-3gpp-access Endpoint. The manipulation leads to denial of service. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title: Open5GS amf-3gpp-access Endpoint nudm-handler.c udm_nudm_uecm_handle_amf_registration_update denial of service
First Time appeared: Open5gs; Open5gs open5gs
Weaknesses: CWE-404
CPEs: cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products: Open5gs; Open5gs open5gs
References:
Metrics:
  cvssV2_0: score 4, vector AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR
  cvssV3_0: score 4.3, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
  cvssV3_1: score 4.3, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
  cvssV4_0: score 5.3, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-04T22:15:13.063Z

Reserved: 2026-05-04T15:50:22.832Z

Link: CVE-2026-7781

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-04T23:16:01.113

Modified: 2026-05-04T23:16:01.113

Link: CVE-2026-7781

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T23:30:11Z

Weaknesses