Description
A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogs_timer_add in the library /src/ausf/nausf-handler.c of the component AUSF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-17
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in Open5GS's AUSF component, specifically the ogs_timer_add function within nausf-handler.c. A malformed or crafted input can cause the timer addition routine to fail, leading to a crash of the AUSF process and a denial of service. This weakness is identified as CWE-404, representing a missing resource or object, and allows an attacker to disrupt service availability.

Affected Systems

Open5GS up to version 2.7.7 is affected. Any installation of the AUSF module in these releases is vulnerable. No specific license or edition constraints are mentioned.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. The EPSS is not available, so the current probability of exploitation is unknown, but the vulnerability is publicly documented and may be used. The attack can be initiated remotely, so network exposure of the AUSF interface increases risk. It is not yet listed in CISA KEV.

Generated by OpenCVE AI on May 17, 2026 at 11:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Open5GS to a version newer than 2.7.7.
  • If an update is not immediately possible, apply a local patch that adds input validation to the ogs_timer_add routine to prevent null or invalid parameters.
  • Restrict network access to the AUSF service using firewall rules or network segmentation to limit the exposure to trusted hosts.

Advisories

No advisories yet.

History

Sun, 17 May 2026 10:15:00 +0000

Values Removed: (none)
Values Added:

  • Description: A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogs_timer_add in the library /src/ausf/nausf-handler.c of the component AUSF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
  • Title: Open5GS AUSF nausf-handler.c ogs_timer_add denial of service
  • First Time appeared: Open5gs; Open5gs open5gs
  • Weaknesses: CWE-404
  • CPEs: cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
  • Vendors & Products: Open5gs; Open5gs open5gs
  • References:
  • Metrics:
      cvssV2_0: score 4, vector AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR
      cvssV3_0: score 4.3, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
      cvssV3_1: score 4.3, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
      cvssV4_0: score 5.3, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-17T09:45:07.635Z

Reserved: 2026-05-16T12:38:35.488Z

Link: CVE-2026-8745

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-17T10:16:36.900

Modified: 2026-05-17T10:16:36.900

Link: CVE-2026-8745

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-17T11:30:15Z

Weaknesses