Description
A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open5GS up to version 2.7.7 contains a flaw in the function ogs_sbi_discovery_option_add_snssais in lib/sbi/message.c, affecting the NSSF component. Manipulation affecting this function causes the service to crash, resulting in a denial of service. Based on the description, improper handling of input data may be involved (this is an inference), and the flaw is classified under CWE-404. An attacker can trigger the vulnerability remotely, and the exploit has been publicly disclosed.

Affected Systems

The vulnerability affects all installations of Open5GS up to and including version 2.7.7. Systems running the NSSF component of these versions are at risk.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. However, the vulnerability can be exploited remotely through publicly disclosed exploits, making it a realistic threat for exposed instances of Open5GS.

Generated by OpenCVE AI on May 8, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an available patch for Open5GS when a fixed release is issued.
  • Configure firewall or network controls to restrict SBI discovery traffic to trusted hosts until a patch is available.
  • If a patch cannot be applied immediately, disable the NSSF SBI discovery API until a fix is released.

Advisories

No advisories yet.

History

Fri, 08 May 2026 13:15:00 +0000

Values added:
Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 08 May 2026 01:45:00 +0000

Values added:
Description: A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Title: Open5GS NSSF message.c ogs_sbi_discovery_option_add_snssais denial of service
First Time appeared: Open5gs; Open5gs open5gs
Weaknesses: CWE-404
CPEs: cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products: Open5gs; Open5gs open5gs
References
Metrics:
cvssV2_0: {'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}
cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}
cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-08T13:01:17.005Z

Reserved: 2026-05-07T16:57:14.031Z

Link: CVE-2026-8123

Vulnrichment

Updated: 2026-05-08T13:01:13.758Z

NVD

Status: Received

Published: 2026-05-08T02:16:07.803

Modified: 2026-05-08T02:16:07.803

Link: CVE-2026-8123

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T05:30:45Z

Weaknesses