CVE-2026-7535

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8

Description A remote denial of service can be triggered through the manipulation of the ueContextId variable. This issue exists within the amf namf comm handle registration status update request() function located in the /lib/app/ogs-init.c library, specifically affecting the '/namf-comm/v1/ue-contexts/{ueContextId}/transfer-update' endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.