CVE-2026-8289

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8

Description A flaw in the SMF component allows remote attackers to cause a denial of service. The issue exists within the smf nsmf handle update data in vsmf() function located in the /src/smf/nsmf-handler.c file, where improper manipulation of the qosFlowProfile argument triggers the condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the smf nsmf handle update data in vsmf() function to minimize the risk of exploitation.