Description
A vulnerability has been found in Open5GS up to 2.7.7. It affects the function ogs_sbi_parse_plmn_list in the file /lib/sbi/conv.c of the NSSF component. The manipulation leads to denial of service. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw exists in the Open5GS NSSF component, specifically within the ogs_sbi_parse_plmn_list routine in lib/sbi/conv.c. The vulnerability allows an attacker to craft input that causes a failure in the function, leading to a denial of service. The weakness is classified as CWE‑404, which refers to failure to release resources. The impact is an interruption of the NSSF service, potentially affecting the overall 5G network availability.

Affected Systems

The vulnerability affects all Open5GS installations up to version 2.7.7. Customers running Open5GS NSSF in any environment that relies on this component may experience a service outage when the flaw is triggered.

Risk and Exploitability

The flaw is exploitable remotely, as the attacker can send malicious requests to the NSSF endpoint. The CVSS score of 5.3 indicates a medium severity because the impact is limited to service availability. The EPSS score is not available, so the recent exploit probability is unknown; however, the vulnerability has been publicly disclosed and could be used. The issue is not listed in the CISA KEV catalog at this time, but because it can cause a denial of service, operators should treat it as a significant risk until a patch is released.

Generated by OpenCVE AI on May 8, 2026 at 02:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version of Open5GS newer than 2.7.7 when a vendor patch becomes available.
  • Block or throttle traffic to the NSSF service from untrusted sources to mitigate denial‑of‑service attempts.
  • Monitor NSSF logs for repeated parsing failures and apply rate‑limiting or application‑level safeguards to reduce the impact of the defect.

Advisories

No advisories yet.

History

Fri, 08 May 2026 01:00:00 +0000

Values added in this change (no values removed):

Description: A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to denial of service. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title: Open5GS NSSF conv.c ogs_sbi_parse_plmn_list denial of service
First Time appeared: Open5gs; Open5gs open5gs
Weaknesses: CWE-404
CPEs: cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products: Open5gs; Open5gs open5gs
References:
Metrics:
  cvssV2_0: score 4, vector AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR
  cvssV3_0: score 4.3, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
  cvssV3_1: score 4.3, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
  cvssV4_0: score 5.3, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-08T00:30:10.368Z

Reserved: 2026-05-07T16:56:47.235Z

Link: CVE-2026-8121

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-08T01:16:09.860

Modified: 2026-05-08T01:16:09.860

Link: CVE-2026-8121

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T02:30:43Z

Weaknesses