Nixpkgs security tracker

NIXPKGS-2026-1482

GitHub issue published on

Permalink CVE-2026-8249

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 10 hours ago by @LeSuisse Activity log

Created suggestion 1 day, 1 hour ago
@LeSuisse ignored
3 references
10 hours ago
@LeSuisse ignored package open5gs-webui 10 hours ago
@LeSuisse accepted 10 hours ago
@LeSuisse published on GitHub 10 hours ago

Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service

A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. This manipulation causes denial of service. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362546 | Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4443 issue-trackingexploit

Ignored references (3)

VDB-362546 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808473 | Open5gs SMF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.6
==2.7.0
==2.7.7
==2.7.3
==2.7.4
==2.7.2
==2.7.5
==2.7.1

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

NIXPKGS-2026-1483

GitHub issue published on

Permalink CVE-2026-8222

5.5 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 10 hours ago by @LeSuisse Activity log

Created suggestion 1 day, 1 hour ago
@LeSuisse ignored package open5gs-webui 10 hours ago
@LeSuisse ignored
3 references
10 hours ago
@LeSuisse accepted 10 hours ago
@LeSuisse published on GitHub 10 hours ago

Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_management_handle_register denial of service

A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such manipulation leads to denial of service. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362439 | Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_management_handle_register denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4437 issue-trackingexploit

Ignored references (3)

VDB-362439 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808427 | Open5gs PCF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.6
==2.7.0
==2.7.7
==2.7.3
==2.7.4
==2.7.2
==2.7.5
==2.7.1

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

NIXPKGS-2026-1484

GitHub issue published on

Permalink CVE-2026-8248

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 10 hours ago by @LeSuisse Activity log

Created suggestion 1 day, 1 hour ago
@LeSuisse ignored
3 references
10 hours ago
@LeSuisse ignored package open5gs-webui 10 hours ago
@LeSuisse accepted 10 hours ago
@LeSuisse published on GitHub 10 hours ago

Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service

A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation results in denial of service. The attack may be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362545 | Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4442 issue-trackingexploit

Ignored references (3)

VDB-362545 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808472 | Open5gs SMF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.6
==2.7.0
==2.7.7
==2.7.3
==2.7.4
==2.7.2
==2.7.5
==2.7.1

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

NIXPKGS-2026-1480

GitHub issue published on

Permalink CVE-2026-8252

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 10 hours ago by @LeSuisse Activity log

Created suggestion 1 day, 1 hour ago
@LeSuisse ignored
3 references
10 hours ago
@LeSuisse ignored package open5gs-webui 10 hours ago
@LeSuisse accepted 10 hours ago
@LeSuisse published on GitHub 10 hours ago

Open5GS SMF smf_nsmf_handle_create_data_in_hsmf null pointer dereference

A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smf_nsmf_handle_create_data_in_hsmf of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362549 | Open5GS SMF smf_nsmf_handle_create_data_in_hsmf null pointer dereference technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4446 issue-trackingexploit

Ignored references (3)

VDB-362549 | CTI Indicators (IOB, IOC, IOA) permissions-requiredsignature
Submit #808482 | Open5gs SMF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.6
==2.7.0
==2.7.7
==2.7.3
==2.7.4
==2.7.2
==2.7.5
==2.7.1

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

NIXPKGS-2026-1481

GitHub issue published on

Permalink CVE-2026-8250

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 10 hours ago by @LeSuisse Activity log

Created suggestion 1 day, 1 hour ago
@LeSuisse ignored
3 references
10 hours ago
@LeSuisse ignored package open5gs-webui 10 hours ago
@LeSuisse accepted 10 hours ago
@LeSuisse published on GitHub 10 hours ago

Open5GS SMF n4-build.c smf_n4_build_qos_flow_to_modify_list denial of service

A vulnerability has been found in Open5GS up to 2.7.7. This affects the function smf_n4_build_qos_flow_to_modify_list of the file /src/smf/n4-build.c of the component SMF. Such manipulation leads to denial of service. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362547 | Open5GS SMF n4-build.c smf_n4_build_qos_flow_to_modify_list denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4444 issue-trackingexploit

Ignored references (3)

https://github.com/open5gs/open5gs/ product
Submit #808476 | Open5gs SMF v2.7.7 Denial of Service third-party-advisory
VDB-362547 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature

Affected products

Open5GS

==2.7.6
==2.7.0
==2.7.7
==2.7.3
==2.7.4
==2.7.2
==2.7.5
==2.7.1

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

NIXPKGS-2026-1478

GitHub issue published on

Permalink CVE-2026-8225

5.5 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 10 hours ago by @LeSuisse Activity log

Created suggestion 1 day, 1 hour ago
@LeSuisse ignored
3 references
10 hours ago
@LeSuisse ignored package open5gs-webui 10 hours ago
@LeSuisse accepted 10 hours ago
@LeSuisse published on GitHub 10 hours ago

Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_handle_delete denial of service

A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362442 | Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_handle_delete denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4440 issue-trackingexploit

Ignored references (3)

https://github.com/open5gs/open5gs/ product
Submit #808444 | Open5gs PCF v2.7.7 Denial of Service third-party-advisory
VDB-362442 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature

Affected products

Open5GS

==2.7.6
==2.7.0
==2.7.7
==2.7.3
==2.7.4
==2.7.2
==2.7.5
==2.7.1

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

NIXPKGS-2026-1479

GitHub issue published on

Permalink CVE-2026-8223

5.5 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 10 hours ago by @LeSuisse Activity log

Created suggestion 1 day, 1 hour ago
@LeSuisse ignored
3 references
10 hours ago
@LeSuisse ignored package open5gs-webui 10 hours ago
@LeSuisse accepted 10 hours ago
@LeSuisse published on GitHub 10 hours ago

Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send denial of service

A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcf_sess_sbi_discover_and_send of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362440 | Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4438 issue-trackingexploit

Ignored references (3)

https://github.com/open5gs/open5gs/ product
Submit #808442 | Open5gs PCF v2.7.7 Denial of Service third-party-advisory
VDB-362440 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature

Affected products

Open5GS

==2.7.6
==2.7.0
==2.7.7
==2.7.3
==2.7.4
==2.7.2
==2.7.5
==2.7.1

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

NIXPKGS-2026-1477

GitHub issue published on

Permalink CVE-2026-8251

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 10 hours ago by @LeSuisse Activity log

Created suggestion 1 day, 1 hour ago
@LeSuisse ignored package open5gs-webui 10 hours ago
@LeSuisse ignored
3 references
10 hours ago
@LeSuisse accepted 10 hours ago
@LeSuisse published on GitHub 10 hours ago

Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service

A vulnerability was found in Open5GS up to 2.7.7. This impacts the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation results in denial of service. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362548 | Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4445 issue-trackingexploit

Ignored references (3)

VDB-362548 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808480 | Open5gs SMF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.6
==2.7.0
==2.7.7
==2.7.3
==2.7.4
==2.7.2
==2.7.5
==2.7.1

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

NIXPKGS-2026-1476

GitHub issue published on

Permalink CVE-2026-8224

5.5 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 10 hours ago by @LeSuisse Activity log

Created suggestion 1 day, 1 hour ago
@LeSuisse ignored package open5gs-webui 10 hours ago
@LeSuisse ignored
3 references
10 hours ago
@LeSuisse accepted 10 hours ago
@LeSuisse published on GitHub 10 hours ago

Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of service

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

References

VDB-362441 | Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4439 issue-trackingexploit

Ignored references (3)

VDB-362441 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808443 | Open5gs PCF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.6
==2.7.0
==2.7.7
==2.7.3
==2.7.4
==2.7.2
==2.7.5
==2.7.1

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

NIXPKGS-2026-1475

GitHub issue published on

Permalink CVE-2026-8226

5.5 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 10 hours ago by @LeSuisse Activity log

Created suggestion 1 day, 1 hour ago
@LeSuisse ignored
3 references
10 hours ago
@LeSuisse ignored package open5gs-webui 10 hours ago
@LeSuisse accepted 10 hours ago
@LeSuisse published on GitHub 10 hours ago

Open5GS types.c ogs_pcc_rule_install_flow_from_media denial of service

A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_pcc_rule_install_flow_from_media in the library /lib/proto/types.c. The manipulation results in denial of service. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362443 | Open5GS types.c ogs_pcc_rule_install_flow_from_media denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4441 issue-trackingexploit

Ignored references (3)

https://github.com/open5gs/open5gs/ product
Submit #808445 | Open5gs PCF v2.7.7 Denial of Service third-party-advisory
VDB-362443 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature

Affected products

Open5GS

==2.7.6
==2.7.0
==2.7.7
==2.7.3
==2.7.4
==2.7.2
==2.7.5
==2.7.1

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7
nixos-25.11 2.7.7
- nixos-25.11-small 2.7.7
- nixpkgs-25.11-darwin 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published issues

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers