Nixpkgs security tracker

Permalink CVE-2026-8123

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

created 1 month ago Activity log

Created suggestion 1 month ago

Open5GS NSSF message.c ogs_sbi_discovery_option_add_snssais denial of service

A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-361910 | Open5GS NSSF message.c ogs_sbi_discovery_option_add_snssais denial of service technical-descriptionvdb-entry
VDB-361910 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808426 | Open5gs NSSF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/issues/4436 issue-trackingexploit
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@xddxdd Yuhui Xu <b980120@hotmail.com>
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>

Permalink CVE-2026-8122

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

created 1 month ago Activity log

Created suggestion 1 month ago

Open5GS NSSF message.c ogs_sbi_discovery_option_add_service_names denial of service

A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the library /lib/sbi/message.c of the component NSSF. The manipulation results in denial of service. The attack may be performed from remote. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-361909 | Open5GS NSSF message.c ogs_sbi_discovery_option_add_service_names denial of service technical-descriptionvdb-entry
VDB-361909 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808425 | Open5gs NSSF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/issues/4435 issue-trackingexploit
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@xddxdd Yuhui Xu <b980120@hotmail.com>
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>

Permalink CVE-2026-8121

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

created 1 month ago Activity log

Created suggestion 1 month ago

Open5GS NSSF conv.c ogs_sbi_parse_plmn_list denial of service

A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to denial of service. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-361908 | Open5GS NSSF conv.c ogs_sbi_parse_plmn_list denial of service technical-descriptionvdb-entry
VDB-361908 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808422 | Open5gs NSSF v2.7.7 Denial of Service third-party-advisory
Submit #808424 | Open5gs NSSF v2.7.7 Denial of Service (Duplicate) third-party-advisory
https://github.com/open5gs/open5gs/issues/4433 issue-trackingexploit
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@xddxdd Yuhui Xu <b980120@hotmail.com>
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>

Permalink CVE-2026-8119

1.9 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

created 1 month ago Activity log

Created suggestion 1 month ago

Open5GS NSSF nghttp2-server.c ogs_sbi_stream_find_by_id denial of service

A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-361906 | Open5GS NSSF nghttp2-server.c ogs_sbi_stream_find_by_id denial of service technical-descriptionvdb-entry
VDB-361906 | CTI Indicators (IOB, IOC, IOA) permissions-requiredsignature
Submit #808420 | Open5gs NSSF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/issues/4431 issue-trackingexploit
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@xddxdd Yuhui Xu <b980120@hotmail.com>
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>

Permalink CVE-2026-4240

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 2 months, 4 weeks ago Activity log

Created suggestion 2 months, 4 weeks ago

Open5GS CCA smf_s6b_sta_cb denial of service

A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aaa_cb/smf_s6b_sta_cb of the component CCA Handler. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.7.7 is sufficient to fix this issue. Patch name: 80eb484a6ab32968e755e628b70d1a9c64f012ec. Upgrading the affected component is recommended.

References

VDB-351182 | Open5GS CCA smf_s6b_sta_cb denial of service technical-descriptionvdb-entry
VDB-351182 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #771361 | Open5GS MME v2.7.6 Improper Authentication third-party-advisory
https://github.com/open5gs/open5gs/issues/4343 issue-tracking
https://github.com/open5gs/open5gs/issues/4343#issue-4021871895 issue-trackingexploit
https://github.com/open5gs/open5gs/commit/80eb484a6ab32968e755e628b70d1a9c64f01… patch
https://github.com/open5gs/open5gs/releases/tag/v2.7.7 patch
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

Package maintainers

@xddxdd Yuhui Xu <b980120@hotmail.com>
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>

Permalink CVE-2026-2524

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Not Defined (X)
Report Confidence (RC): Reasonable (R)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 3 months, 3 weeks ago Activity log

Created suggestion 3 months, 3 weeks ago

Open5GS MME mme_s11_handle_create_session_response denial of service

A flaw has been found in Open5GS 2.7.6. The impacted element is the function mme_s11_handle_create_session_response of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-346112 | Open5GS MME mme_s11_handle_create_session_response denial of service technical-descriptionvdb-entry
VDB-346112 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #738369 | Open5GS MME v2.7.6 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/issues/4284 issue-tracking
https://github.com/open5gs/open5gs/issues/4284#issue-3808462406 issue-trackingexploit
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.6

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

Package maintainers

@xddxdd Yuhui Xu <b980120@hotmail.com>
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>

Permalink CVE-2026-2523

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Not Defined (X)
Report Confidence (RC): Reasonable (R)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 3 months, 3 weeks ago Activity log

Created suggestion 3 months, 3 weeks ago

Open5GS SMF gn-handler.c smf_gn_handle_create_pdp_context_request assertion

A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-346111 | Open5GS SMF gn-handler.c smf_gn_handle_create_pdp_context_request assertion technical-descriptionvdb-entry
VDB-346111 | CTI Indicators (IOB, IOC, IOA) permissions-requiredsignature
Submit #738342 | Open5GS SMF v2.7.6 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/issues/4285 issue-tracking
https://github.com/open5gs/open5gs/issues/4285#issue-3809055236 issue-trackingexploit
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

Package maintainers

@xddxdd Yuhui Xu <b980120@hotmail.com>
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>

Permalink CVE-2026-1736

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 4 months, 1 week ago Activity log

Created suggestion 4 months, 1 week ago

Open5GS SGWC s11-handler.c assertion

A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the component SGWC. Such manipulation leads to reachable assertion. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. A patch should be applied to remediate this issue. The issue report is flagged as already-fixed.

References

VDB-343635 | Open5GS SGWC s11-handler.c assertion technical-descriptionvdb-entry
VDB-343635 | CTI Indicators (IOB, IOC, IOA) permissions-requiredsignature
Submit #741191 | Open5GS SGWC v2.7.6 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/issues/4270 issue-tracking
https://github.com/open5gs/open5gs/issues/4270#event-21968624624 issue-tracking
https://github.com/open5gs/open5gs/issues/4270#issue-3795141303 issue-trackingexploit
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

Package maintainers

@xddxdd Yuhui Xu <b980120@hotmail.com>
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>

Permalink CVE-2026-1737

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 4 months, 1 week ago Activity log

Created suggestion 4 months, 1 week ago

Open5GS CreateBearerRequest s5c-handler.c sgwc_s5c_handle_create_bearer_request assertion

A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function sgwc_s5c_handle_create_bearer_request of the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing a manipulation results in reachable assertion. Remote exploitation of the attack is possible. The exploit is now public and may be used. To fix this issue, it is recommended to deploy a patch. The issue report is flagged as already-fixed.

References

VDB-343636 | Open5GS CreateBearerRequest s5c-handler.c sgwc_s5c_handle_create_bearer_request assertion technical-descriptionvdb-entry
VDB-343636 | CTI Indicators (IOB, IOC, IOA) permissions-requiredsignature
Submit #741192 | Open5GS SGWC v2.7.6 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/issues/4271 issue-tracking
https://github.com/open5gs/open5gs/issues/4271#event-21968630023 issue-tracking
https://github.com/open5gs/open5gs/issues/4271#issue-3795147720 issue-trackingexploit
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

Package maintainers

@xddxdd Yuhui Xu <b980120@hotmail.com>
@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>

Permalink CVE-2026-1587

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

created 4 months, 2 weeks ago Activity log

Created suggestion 4 months, 2 weeks ago

Open5GS SGWC s11-handler.c sgwc_s11_handle_modify_bearer_request denial of service

A vulnerability has been found in Open5GS up to 2.7.6. The affected element is the function sgwc_s11_handle_modify_bearer_request of the file /sgwc/s11-handler.c of the component SGWC. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Applying a patch is the recommended action to fix this issue. The issue report is flagged as already-fixed.

References

VDB-343350 | Open5GS SGWC s11-handler.c sgwc_s11_handle_modify_bearer_request denial of service technical-descriptionvdb-entry
VDB-343350 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #738376 | Open5GS SGWC v2.7.6 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/issues/4272 issue-tracking
https://github.com/open5gs/open5gs/issues/4272#event-21968635948 issue-tracking
https://github.com/open5gs/open5gs/issues/4272#issue-3795156752 issue-trackingexploit

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers