Description
A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_pcc_rule_install_flow_from_media in the library /lib/proto/types.c. The manipulation results in denial of service. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-10
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability was discovered in Open5GS up to version 2.7.7 in the function ogs_pcc_rule_install_flow_from_media within the library /lib/proto/types.c. Manipulating the input to this function can cause the process to hang, leading to a denial of service. The exploit is remote, requires only the ability to invoke the vulnerable function, and a public exploit is already available, making it reachable to attackers.

Affected Systems

The affected product is Open5GS, a free and open‑source 5G core network implementation. Any installation of Open5GS that includes a component executing the ogs_pcc_rule_install_flow_from_media function and that runs up to and including version 2.7.7 is vulnerable. Users should verify the version they are running and upgrade if it falls within this range.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity. While the EPSS score is not available, the fact that the exploit has been publicly released and can be launched remotely suggests a notable risk for systems that expose Open5GS to untrusted networks. The vulnerability is not yet listed in CISA KEV, but the lack of an official fix in the project increases the exposure window.

Generated by OpenCVE AI on May 10, 2026 at 05:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Review the Open5GS project releases and upgrade to a version that contains the fix (for example, 2.7.8 or later if available).
  • If an update is not immediately possible, limit external exposure of the PCC rule installation function by applying firewall rules or access‑control lists that restrict which IP ranges can reach the Open5GS instance.
  • Enable detailed logging for PCC rule installation and monitor for repeated failures or abnormal traffic patterns; raise alerts if the server becomes unresponsive or logs show repeated errors.

Generated by OpenCVE AI on May 10, 2026 at 05:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 10 May 2026 04:45:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_pcc_rule_install_flow_from_media in the library /lib/proto/types.c. The manipulation results in denial of service. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title Open5GS types.c ogs_pcc_rule_install_flow_from_media denial of service
First Time appeared Open5gs
Open5gs open5gs
Weaknesses CWE-404
CPEs cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products Open5gs
Open5gs open5gs
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Open5gs Open5gs
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-10T03:30:10.206Z

Reserved: 2026-05-09T07:35:29.778Z

Link: CVE-2026-8226

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-10T05:16:12.240

Modified: 2026-05-10T05:16:12.240

Link: CVE-2026-8226

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-10T05:30:05Z

Weaknesses