CVE-2026-4988
Received Received - Intake
Denial of Service in Open5GS CCA Message Handler

Publication date: 2026-03-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been released to the public and may be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-27
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4988
EUVD
EUVD-2026-16895
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
open5gs open5gs 2.7.6
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a security flaw found in Open5GS version 2.7.6, specifically in the CCA Message Handler component's functions smf_gx_cca_cb, smf_gy_cca_cb, and smf_s6b_cca_cb. The flaw allows an attacker to manipulate these functions to cause a denial of service (DoS) condition.

The attack can be launched remotely, but it is considered highly complex and difficult to exploit. Despite this, the exploit code has been publicly released, which means attackers could potentially use it.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS), which means that an attacker could disrupt the normal operation of the affected Open5GS system by causing it to become unavailable or unresponsive.

Since the attack can be launched remotely, it could affect systems exposed to untrusted networks, potentially leading to service outages or interruptions.

However, the exploitability is rated as difficult, which may reduce the likelihood of successful attacks in some environments.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4988. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart