Description
A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_nas_parse_qos_rules of the component SMF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-11
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the ogs_nas_parse_qos_rules function of the SMF component allows a remote attacker to manipulate the input in a way that causes a crash and a loss of service. The flaw is a use‑of‑uninitialized or mis‑parsed data condition (CWE‑404) that does not compromise confidentiality or integrity but shuts down the SMF process, leading to a denial of service for the affected network functions.

Affected Systems

The affected product is Open5GS, version 2.7.7 and earlier. The vendors and products list indicates no specific vendor name, but the implementation is the open source Open5GS project. No other version details are provided.

Risk and Exploitability

The CVSS score of 5.3 rates the flaw as moderate severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote and the exploit has been publicly disclosed, meaning that an attacker with network access to the SMF can trigger the crash without local privileges.

Generated by OpenCVE AI on May 11, 2026 at 06:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version of Open5GS that includes a patch for the SMF QoS rule parsing bug, if available.
  • Apply any vendor‑issued patch or, if none exists, contact the Open5GS maintainers to request a fix or review the source code to patch the parsing logic.
  • Restrict external access to the SMF interface using firewalls or network segmentation so that only trusted nodes can send NAS messages.
  • If the functionality is not required, consider disabling QoS rule parsing or substituting a temporary mitigated configuration until an official fix is released.

Advisories

No advisories yet.

History

Mon, 11 May 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 11 May 2026 05:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_nas_parse_qos_rules of the component SMF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. |
| Title | | Open5GS SMF ogs_nas_parse_qos_rules denial of service |
| First Time appeared | | Open5gs; Open5gs open5gs |
| Weaknesses | | CWE-404 |
| CPEs | | cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:* |
| Vendors & Products | | Open5gs; Open5gs open5gs |
| References | | |
| Metrics | | cvssV2_0 {'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0 {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'} |
| | | cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'} |
| | | cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-11T12:47:22.687Z

Reserved: 2026-05-10T15:44:34.368Z

Link: CVE-2026-8270

Vulnrichment

Updated: 2026-05-11T12:47:17.791Z

NVD

Status: Undergoing Analysis

Published: 2026-05-11T05:16:15.937

Modified: 2026-05-11T15:10:16.663

Link: CVE-2026-8270

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T06:30:29Z

Weaknesses