Description
A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover_handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-17
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a use‑after‑free flaw in the discover_handler function of Open5GS NRF’s nghttp2-server.c library. This defect allows an attacker to cause memory corruption when an HTTP/2 request is processed. The result can lead to arbitrary code execution or other forms of compromise on the affected system. The flaw is publicly documented as a remotely exploitable vulnerability and an exploit has already been released.

Affected Systems

Open5GS version 2.7.7 and earlier. No other versions are listed as affected.

Risk and Exploitability

The CVSS score of 5.3 places it in the moderate severity range. EPSS is not available and it is not listed in the CISA KEV catalog. The attack can be launched remotely with no special privileges and a publicly available exploit means the risk of exploitation is tangible. Until a vendor patch is released, systems remain exposed.

Generated by OpenCVE AI on May 17, 2026 at 11:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open5GS to a version that contains the fix once it is released by the vendor.
  • Limit network exposure of the NRF service by restricting it to trusted IP ranges or VPNs, thereby reducing the attack surface.
  • Disable or restrict HTTP/2 support in the service configuration if possible, as the flaw is triggered by HTTP/2 request handling.
  • Monitor logs for anomalous HTTP/2 traffic patterns or exploit attempts and investigate any suspicious activity.

Generated by OpenCVE AI on May 17, 2026 at 11:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 17 May 2026 10:45:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover_handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation results in use after free. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title Open5GS NRF nghttp2-server.c discover_handler use after free
First Time appeared Open5gs
Open5gs open5gs
Weaknesses CWE-119
CWE-416
CPEs cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
Vendors & Products Open5gs
Open5gs open5gs
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Open5gs Open5gs
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-17T10:15:08.674Z

Reserved: 2026-05-16T12:38:45.771Z

Link: CVE-2026-8746

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-17T11:16:35.110

Modified: 2026-05-17T11:16:35.110

Link: CVE-2026-8746

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-17T11:30:15Z

Weaknesses