PT-2026-5597 · Open5Gs · Open5Gs
Ziyulin
·
Published
2026-02-02
·
Updated
2026-02-02
·
CVE-2026-1738
CVSS v4.0
5.5
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Open5GS versions up to 2.7.6
Description
A flaw exists in Open5GS up to version 2.7.6, specifically within the SGWC component. The issue resides in the
sgwc tunnel add function located in the /src/sgwc/context.c file. Manipulation of the pdr argument can trigger a reachable assertion, and the attack can be executed remotely. An exploit for this issue has been published.Recommendations
Versions prior to 2.7.6 should be updated.
Exploit
Fix
Assertion Failure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open5Gs