CVE-2026-4240
Remote DoS Vulnerability in Open5GS CCA Handler Functions
Publication date: 2026-03-16
Last updated on: 2026-03-20
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | to 2.7.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Open5GS up to version 2.7.6, specifically in the CCA Handler component's functions smf_gx_cca_cb, smf_gy_cca_cb, smf_s6b_aaa_cb, and smf_s6b_sta_cb. It allows an attacker to remotely manipulate these functions, causing a denial of service condition.
The issue has been publicly disclosed and can be exploited remotely without authentication. Upgrading to Open5GS version 2.7.7 resolves this vulnerability.
How can this vulnerability impact me? :
The vulnerability can cause a denial of service (DoS) on the affected Open5GS component, which means that the service may become unavailable or unresponsive.
Since the attack can be initiated remotely and without authentication, it poses a risk of service disruption, potentially affecting network availability and reliability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Open5GS to version 2.7.7, as this version contains the fix for the issue.
Upgrading the affected component is recommended to prevent denial of service attacks caused by the vulnerability in the CCA Handler functions.