CVE-2026-4988
Denial of Service in Open5GS CCA Message Handler
Publication date: 2026-03-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | 2.7.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw found in Open5GS version 2.7.6, specifically in the CCA Message Handler component's functions smf_gx_cca_cb, smf_gy_cca_cb, and smf_s6b_cca_cb. The flaw allows an attacker to manipulate these functions to cause a denial of service (DoS) condition.
The attack can be launched remotely, but it is considered highly complex and difficult to exploit. Despite this, the exploit code has been publicly released, which means attackers could potentially use it.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial of service (DoS), which means that an attacker could disrupt the normal operation of the affected Open5GS system by causing it to become unavailable or unresponsive.
Since the attack can be launched remotely, it could affect systems exposed to untrusted networks, potentially leading to service outages or interruptions.
However, the exploitability is rated as difficult, which may reduce the likelihood of successful attacks in some environments.