NIXPKGS-2026-0828

GitHub issue published on

Permalink CVE-2026-4988

3.7 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS CCA Message smf_s6b denial of service

A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been released to the public and may be used for attacks.

References

VDB-353875 | Open5GS CCA Message smf_s6b denial of service vdb-entrytechnical-description
VDB-353875 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
Submit #771349 | Open5GS SMF v2.7.6 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/issues/4342 issue-tracking
https://github.com/open5gs/open5gs/issues/4342#issue-4021772232 exploitissue-tracking
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.6

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6
nixos-25.11 2.7.6
- nixos-25.11-small 2.7.6
- nixpkgs-25.11-darwin 2.7.6

Ignored packages (1)

pkgs.open5gs-webui