CVE-2026-2517

Name of the Vulnerable Software and Affected Versions Open5GS versions 2.7.0 through 2.7.6

Description A security issue exists in Open5GS that can lead to a denial of service. The issue is related to the ogs gtp2 parse tft function within the lib/gtp/v2/types.c library of the SMF component. Manipulating the pf[0].content.length argument can cause the service to crash. The issue is remotely exploitable and an exploit has been publicly released.

Recommendations Open5GS versions 2.7.0 through 2.7.6 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.