PT-2026-41538 · Open5Gs · Open5Gs
Ziyulin · Published 2026-05-17 · Updated 2026-05-18 · CVE-2026-8746
CVSS v3.1: 6.5 Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Open5GS versions prior to 2.7.8
Description
A use-after-free flaw exists in the NRF component within the discover handler() function located in the /lib/sbi/nghttp2-server.c library. This issue allows a remote attacker to manipulate the system, potentially leading to a crash or unauthorized code execution. A use-after-free occurs when an application continues to use a pointer after the memory it refers to has been freed, which can corrupt memory.
Recommendations
Update to a version newer than 2.7.7.
As a temporary workaround, restrict access to the NRF component to minimize the risk of exploitation.
Exploit
Fix
Use After Free
Buffer Overflow
Related Identifiers
Affected Products
Open5Gs