Description
A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm_handle_pdu_session_modification_qos_flow_descriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
Published: 2026-05-11
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the gsm_handle_pdu_session_modification_qos_flow_descriptions function of Open5GS version 2.7.7 and earlier allows a remote attacker to manipulate the n1SmMsg argument. By sending a crafted N1 SM message, the SMF can be forced into an uncontrolled loop or resource exhaustion, causing a denial of service. The weakness arises from improper handling of the N1 SM payload, corresponding to CWE-404.

Affected Systems

The vulnerability affects the Open5GS project, specifically the Signaling Management Function (SMF) component. All releases up to version 2.7.7 are susceptible. No patch is available yet, but the fix is pending in a pull request. Users running these versions should be aware of the risk until a corrected release is issued.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium severity, but because the attack can be carried out remotely and the exploit has been publicly disclosed, the risk is non‑negligible. The EPSS score is not provided, and the vulnerability is not yet listed in the CISA KEV catalog. Attackers would need the ability to inject malicious N1 SM messages into the SMF control plane, which can be achieved from external networks or compromised components that talk to the SMF.

Generated by OpenCVE AI on May 11, 2026 at 17:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open5GS to a patched release (once the pull request is merged, version 2.7.8 or later).
  • Limit SMF exposure by restricting the N1 interface to trusted internal networks or applying firewall rules that block unsolicited N1 SM traffic.
  • Monitor SMF logs for abnormal N1 SM message patterns and configure intrusion detection to alert on suspicious traffic.

Generated by OpenCVE AI on May 11, 2026 at 17:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm_handle_pdu_session_modification_qos_flow_descriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
Title Open5GS SMF gsm-handler.c denial of service
First Time appeared Open5gs
Open5gs open5gs
Weaknesses CWE-404
CPEs cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products Open5gs
Open5gs open5gs
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:C'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Open5gs Open5gs
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-11T13:40:14.067Z

Reserved: 2026-05-11T08:02:04.227Z

Link: CVE-2026-8288

cve-icon Vulnrichment

Updated: 2026-05-11T13:40:10.225Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-11T13:16:12.073

Modified: 2026-05-11T15:10:16.663

Link: CVE-2026-8288

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T17:15:40Z

Weaknesses