Description
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-10
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the PCF component of Open5GS in the function pcf_sess_set_ipv6prefix located in /src/pcf/context.c. Malicious manipulation of the SmPolicyContextData.ipv6AddressPrefix argument can trigger a denial of service in the PCF service. The flaw stems from improper handling of the IPv6 prefix, leading to resource exhaustion or crash. It directly jeopardizes service availability for any subscriber relying on the PCF and can disrupt higher‑layer functions in the 5G core.

Affected Systems

Affected are installations of Open5GS up to and including version 2.7.7. The vulnerability applies only to the PCF module; other components of the Open5GS stack are not impacted. Deployment environments running a compromised PCF are vulnerable, especially those exposed to untrusted networks or public interfaces capable of sending custom SmPolicyContextData payloads.

Risk and Exploitability

Risk assessment shows a CVSS score of 6.9, indicating a moderate to high severity, with no EPSS score available and not listed in the CISA KEV catalog. The lack of EPSS data limits precise exploitation probability, but the remote nature of the attack and public disclosure indicate a realistic risk. Attackers would need network access to the PCF endpoints and ability to craft a malformed ipv6AddressPrefix field; once successful, the PCF service will become unavailable until a restart or patch is applied.

Generated by OpenCVE AI on May 10, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Open5GS release that contains the patch for the PCF context.c vulnerability (e.g., version 2.7.8 or later).
  • Restrict network access to the Open5GS PCF (policy control function) endpoints to trusted networks or internal interfaces.
  • Implement input validation for ipv6AddressPrefix before processing to reduce the risk of denial of service.

Generated by OpenCVE AI on May 10, 2026 at 04:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 10 May 2026 03:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of service
First Time appeared Open5gs
Open5gs open5gs
Weaknesses CWE-404
CPEs cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products Open5gs
Open5gs open5gs
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Open5gs Open5gs
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-10T03:00:11.476Z

Reserved: 2026-05-09T07:35:24.354Z

Link: CVE-2026-8224

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-10T03:16:09.033

Modified: 2026-05-10T03:16:09.033

Link: CVE-2026-8224

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-10T04:30:04Z

Weaknesses