CVE-2026-8248

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8

Description A remote denial of service issue exists in the SMF component. The flaw is located in the update authorized pcc rule and qos() function within the /src/smf/npcf-handler.c file. An attacker can remotely manipulate this function to cause the system to become unavailable.

Recommendations Update to a version later than 2.7.7. As a temporary workaround, restrict access to the SMF component to minimize the risk of exploitation.

Exploit

Fix

DoS

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

CVE-2026-8248

Affected Products

Open5Gs

CVE-2026-8248

Weakness Enumeration

Related Identifiers

Affected Products

References · 11