CVE-2026-2521

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.7

Description A flaw exists in Open5GS up to version 2.7.6 related to the sgwc s5c handle create session response function within the SGW-C component. A manipulation can lead to memory corruption and may be performed remotely. The exploit has been publicly released. The project was notified of the issue but has not yet responded.

Recommendations Update to version 2.7.7 or later. As a temporary workaround, consider restricting access to the sgwc s5c handle create session response function until a patch is available.