CVE-2026-4240
Awaiting Analysis Awaiting Analysis - Queue
Remote DoS Vulnerability in Open5GS CCA Handler Functions

Publication date: 2026-03-16

Last updated on: 2026-03-20

Assigner: VulDB

Description
A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aaa_cb/smf_s6b_sta_cb of the component CCA Handler. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.7.7 is sufficient to fix this issue. Patch name: 80eb484a6ab32968e755e628b70d1a9c64f012ec. Upgrading the affected component is recommended.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-03-20
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4240
EUVD
EUVD-2026-12433
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
open5gs open5gs to 2.7.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Open5GS up to version 2.7.6, specifically in the CCA Handler component's functions smf_gx_cca_cb, smf_gy_cca_cb, smf_s6b_aaa_cb, and smf_s6b_sta_cb. It allows an attacker to remotely manipulate these functions, causing a denial of service condition.

The issue has been publicly disclosed and can be exploited remotely without authentication. Upgrading to Open5GS version 2.7.7 resolves this vulnerability.

Impact Analysis

The vulnerability can cause a denial of service (DoS) on the affected Open5GS component, which means that the service may become unavailable or unresponsive.

Since the attack can be initiated remotely and without authentication, it poses a risk of service disruption, potentially affecting network availability and reliability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade Open5GS to version 2.7.7, as this version contains the fix for the issue.

Upgrading the affected component is recommended to prevent denial of service attacks caused by the vulnerability in the CCA Handler functions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4240. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart