CVE-2026-8252 - Vulnerability Details

- Open5GS SMF smf_nsmf_handle_create_data_in_hsmf null pointer dereference

Description

A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smf_nsmf_handle_create_data_in_hsmf of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-05-10

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability involves a null pointer dereference in the smf_nsmf_handle_create_data_in_hsmf function of the Open5GS SMF component. It results from accessing a null pointer when processing create data requests, causing the service to crash or become unresponsive. This flaw falls under CWE‑476 (NULL Pointer Dereference) and CWE‑404 (Improper Resource Shutdown or Release). The immediate consequence is a denial of service to users whose requests trigger the crash, potentially impacting network availability.

Affected Systems

Open5GS (SMF component) with versions up to and including 2.7.7. The vulnerability is specific to the SMF module and affects any deployment where smf_nsmf_handle_create_data_in_hsmf is reachable.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity, while the EPSS score is not available, which limits precise estimation of exploit likelihood. The vulnerability is remotely exploitable via crafted requests and has been publicly disclosed, meaning attackers could reach the SMF service from external networks. The public disclosure indicates the exploit may be utilized, but no records exist in the KEV catalog.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Open5GS

affected

Version	Status	Constraints
`2.7.0`	affected	—
`2.7.1`	affected	—
`2.7.2`	affected	—
`2.7.3`	affected	—
`2.7.4`	affected	—
`2.7.5`	affected	—
`2.7.6`	affected	—
`2.7.7`	affected	—

No data.

Vendor Product Confidence Versions

Open5gs

95%

Version	Status	Scheme	Platform
`2.7.0`	affected	semver	—
`2.7.1`	affected	semver	—
`2.7.2`	affected	semver	—
`2.7.3`	affected	semver	—
`2.7.4`	affected	semver	—
`2.7.5`	affected	semver	—
`2.7.6`	affected	semver	—
`2.7.7`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check the Open5GS project repository or vendor announcements for an update that addresses this vulnerability and apply it if available.
If an immediate patch is unavailable, isolate the SMF service behind a firewall or web proxy, enforce strict authentication, and validate all incoming parameters to ensure they are not null before processing.
Monitor system logs for segmentation fault events and configure high‑availability or fail‑over mechanisms to maintain service continuity in case a crash occurs.

Generated by OpenCVE AI on May 11, 2026 at 01:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00039.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/open5gs/open5gs/
https://github.com/open5gs/open5gs/issues/4446
https://vuldb.com/submit/808482
https://vuldb.com/vuln/362549
https://vuldb.com/vuln/362549/cti

History

Mon, 11 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sun, 10 May 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smf_nsmf_handle_create_data_in_hsmf of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Title		Open5GS SMF smf_nsmf_handle_create_data_in_hsmf null pointer dereference
First Time appeared		Open5gs Open5gs open5gs
Weaknesses		CWE-404 CWE-476
CPEs		cpe:2.3:a:open5gs:open5gs::::::::
Vendors & Products		Open5gs Open5gs open5gs
References		https://github.com/open5gs/open5gs/ https://github.com/open5gs/open5gs/issues/4446 https://vuldb.com/submit/808482 https://vuldb.com/vuln/362549 https://vuldb.com/vuln/362549/cti
Metrics		cvssV2_0 `{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Open5gs Open5gs

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-10T23:15:10.272Z

Updated: 2026-05-11T12:49:52.346Z

Reserved: 2026-05-10T14:40:09.473Z

Link: CVE-2026-8252

Vulnrichment

Updated: 2026-05-11T12:49:46.905Z

NVD

Status : Undergoing Analysis

Published: 2026-05-11T00:16:33.317

Modified: 2026-05-11T15:10:16.663

Link: CVE-2026-8252

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T02:00:07Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object