PT-2026-39596 · Open5Gs · Open5Gs

Franklin

·

Published

2026-05-11

·

Updated

2026-05-11

·

CVE-2026-8289

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8
Description A flaw in the SMF component allows remote attackers to cause a denial of service. The issue exists within the smf nsmf handle update data in vsmf() function located in the /src/smf/nsmf-handler.c file, where improper manipulation of the qosFlowProfile argument triggers the condition.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the smf nsmf handle update data in vsmf() function to minimize the risk of exploitation.

Exploit

DoS

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-8289

Affected Products

Open5Gs