Description
A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs_sbi_subscription_data_add/ogs_sbi_nf_service_add in the library /lib/sbi/context.c of the component NRF. Executing a manipulation can lead to denial of service. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 819db11a08b9736a3576c4f99ceb28f7eb99523a. A patch should be applied to remediate this issue.
Published: 2026-05-17
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability occurs in Open5GS NRF, specifically within the functions ogs_sbi_subscription_data_add and ogs_sbi_nf_service_add in context.c. Executing crafted operations on these functions can terminate or crash the NRF component, resulting in a denial of service. The flaw is classified under CWE-404 and can be triggered remotely.

Affected Systems

Open5GS systems up to and including version 2.7.7 are affected. The vulnerability resides in the NRF module of the Open5GS suite.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate risk. The EPSS score is unavailable, but the vulnerability is publicly disclosed and can be exploited remotely. It is not listed in CISA’s KEV catalog, yet the available patch should be applied to prevent service interruptions.

Generated by OpenCVE AI on May 17, 2026 at 10:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch committed in 819db11a08b9736a3576c4f99ceb28f7eb99523a to upgrade Open5GS to version 2.7.8 or later.
  • Temporarily disable or restrict external access to the NRF service until the patch can be applied.
  • Configure firewall or ACL rules to block unauthenticated or unauthorized traffic toward the NRF endpoint and monitor logs for attempted connection failures.

Generated by OpenCVE AI on May 17, 2026 at 10:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 17 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs_sbi_subscription_data_add/ogs_sbi_nf_service_add in the library /lib/sbi/context.c of the component NRF. Executing a manipulation can lead to denial of service. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 819db11a08b9736a3576c4f99ceb28f7eb99523a. A patch should be applied to remediate this issue.
Title Open5GS NRF context.c ogs_sbi_nf_service_add denial of service
First Time appeared Open5gs
Open5gs open5gs
Weaknesses CWE-404
CPEs cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products Open5gs
Open5gs open5gs
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Open5gs Open5gs
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-17T09:15:11.820Z

Reserved: 2026-05-16T12:38:26.906Z

Link: CVE-2026-8744

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-17T10:16:36.730

Modified: 2026-05-17T10:16:36.730

Link: CVE-2026-8744

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-17T11:00:11Z

Weaknesses