Nixpkgs security tracker

Published

Permalink CVE-2026-8288

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS SMF gsm-handler.c denial of service

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm_handle_pdu_session_modification_qos_flow_descriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.

References

VDB-362585 | Open5GS SMF gsm-handler.c denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4452 issue-trackingexploit
https://github.com/open5gs/open5gs/pull/4513 issue-trackingpatch

Ignored references (3)

VDB-362585 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808489 | Open5gs SMF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published

Permalink CVE-2026-8290

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS SMF nsmf-handler.c smf_nsmf_handle_update_data_in_vsmf denial of service

A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulation results in denial of service. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362587 | Open5GS SMF nsmf-handler.c smf_nsmf_handle_update_data_in_vsmf denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4454 issue-trackingexploit

Ignored references (3)

VDB-362587 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808507 | Open5gs SMF v2.7.7 Denial of Service third-party-advisoryexploit
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published

Permalink CVE-2026-8267

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS SMF smf_nsmf_handle_created_data_in_vsmf denial of service

A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_created_data_in_vsmf of the component SMF. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362564 | Open5GS SMF smf_nsmf_handle_created_data_in_vsmf denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4448 issue-trackingexploit

Ignored references (3)

VDB-362564 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808484 | Open5gs SMF v2.7.7 Denial of Service third-party-advisoryexploit
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published

Permalink CVE-2026-8270

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS SMF ogs_nas_parse_qos_rules denial of service

A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_nas_parse_qos_rules of the component SMF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362567 | Open5GS SMF ogs_nas_parse_qos_rules denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4451 issue-trackingexploit

Ignored references (3)

VDB-362567 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808488 | Open5gs SMF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published

Permalink CVE-2026-8289

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS SMF nsmf-handler.c smf_nsmf_handle_update_data_in_vsmf denial of service

A vulnerability was identified in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulation of the argument qosFlowProfile leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362586 | Open5GS SMF nsmf-handler.c smf_nsmf_handle_update_data_in_vsmf denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4453 issue-trackingexploit

Ignored references (3)

VDB-362586 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808490 | Open5gs SMF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.7
==2.7.4
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published

Permalink CVE-2026-8266

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS SMF gsm-build.c gsm_build_pdu_session_establishment_accept denial of service

A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsm_build_pdu_session_establishment_accept of the file /src/smf/gsm-build.c of the component SMF. The manipulation results in denial of service. The attack can be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362563 | Open5GS SMF gsm-build.c gsm_build_pdu_session_establishment_accept denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4447 issue-trackingexploit

Ignored references (3)

VDB-362563 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808483 | Open5gs SMF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published

Permalink CVE-2026-8248

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service

A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation results in denial of service. The attack may be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362545 | Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4442 issue-trackingexploit

Ignored references (3)

VDB-362545 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808472 | Open5gs SMF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published

Permalink CVE-2026-8222

5.5 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_management_handle_register denial of service

A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such manipulation leads to denial of service. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362439 | Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_management_handle_register denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4437 issue-trackingexploit

Ignored references (3)

VDB-362439 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808427 | Open5gs PCF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published

Permalink CVE-2026-8249

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service

A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. This manipulation causes denial of service. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362546 | Open5GS SMF npcf-handler.c update_authorized_pcc_rule_and_qos denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4443 issue-trackingexploit

Ignored references (3)

VDB-362546 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808473 | Open5gs SMF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Published

Permalink CVE-2026-8250

2.1 LOW

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Exploit Maturity (E): POC (P)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse ignored
3 references
1 month ago
@LeSuisse ignored package open5gs-webui 1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Open5GS SMF n4-build.c smf_n4_build_qos_flow_to_modify_list denial of service

A vulnerability has been found in Open5GS up to 2.7.7. This affects the function smf_n4_build_qos_flow_to_modify_list of the file /src/smf/n4-build.c of the component SMF. Such manipulation leads to denial of service. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-362547 | Open5GS SMF n4-build.c smf_n4_build_qos_flow_to_modify_list denial of service technical-descriptionvdb-entry
https://github.com/open5gs/open5gs/issues/4444 issue-trackingexploit

Ignored references (3)

VDB-362547 | CTI Indicators (IOB, IOC, TTP, IOA) permissions-requiredsignature
Submit #808476 | Open5gs SMF v2.7.7 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/ product

Affected products

Open5GS

==2.7.1
==2.7.4
==2.7.7
==2.7.0
==2.7.3
==2.7.5
==2.7.6
==2.7.2

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.7
- nixpkgs-unstable 2.7.7
- nixos-unstable-small 2.7.7

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>
@xddxdd Yuhui Xu <b980120@hotmail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.open5gs

pkgs.open5gs-webui

Package maintainers