CVE-2026-10114
Deferred Deferred - Pending Action
Out-of-Bounds Write in Open5GS Shared NF-Profile Parser

Publication date: 2026-05-30

Last updated on: 2026-06-02

Assigner: VulDB

Description
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handle_scp_info in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. This manipulation causes out-of-bounds write. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. To fix this issue, it is recommended to deploy a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-30
Last Modified
2026-06-02
Generated
2026-06-19
AI Q&A
2026-05-30
EPSS Evaluated
2026-06-18
NVD
CVE-2026-10114
EUVD
EUVD-2026-33456
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
open5gs open5gs to 2.7.7 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability CVE-2026-10114 is a buffer overflow issue in Open5GS, specifically in the shared NF-profile parser component within the function handle_scp_info in the file lib/sbi/nnrf-handler.c.

The problem arises because attacker-controlled SCP domain entries are copied into a fixed-size array without proper bounds checking, leading to an out-of-bounds write.

This memory corruption can cause a segmentation fault and crash affected network functions such as AMF, AUSF, BSF, NSSF, PCF, SMF, UDM, UDR, SCP, SEPP, and NRF.

The vulnerability can be triggered remotely by sending maliciously crafted NF-profile data, for example, an HTTP/2 request with excessive scpDomainInfoList entries to the NRF endpoint.

A patch has been released to fix this issue.

Impact Analysis

This vulnerability can cause memory corruption leading to a segmentation fault, which results in the crash of critical 5G core network functions.

Such crashes can disrupt network services provided by affected components like AMF, AUSF, BSF, NSSF, PCF, SMF, UDM, UDR, SCP, SEPP, and NRF.

Because the attack can be initiated remotely, it poses a risk of denial of service (DoS) against the 5G core network infrastructure.

Detection Guidance

This vulnerability can be detected by monitoring for segmentation faults (exit code 139) in affected Open5GS network functions such as AMF, AUSF, BSF, NSSF, PCF, SMF, UDM, UDR, SCP, SEPP, and NRF. The issue is triggered by processing maliciously crafted NF-profile data containing excessive scpDomainInfoList entries in HTTP/2 requests to the NRF endpoint.

To detect exploitation attempts, you can capture and analyze HTTP/2 traffic to the NRF endpoint for unusually large or malformed scpDomainInfoList entries.

While no specific commands are provided in the resources, general detection steps include:

  • Check system logs for segmentation faults related to Open5GS processes (e.g., using `journalctl -xe` or `dmesg` on Linux).
  • Use network packet capture tools like `tcpdump` or `wireshark` to monitor HTTP/2 traffic to the NRF endpoint for suspicious payloads.
  • Use process monitoring commands such as `ps aux | grep open5gs` to check for unexpected process crashes or restarts.
Mitigation Strategies

The immediate mitigation step is to deploy the patch that fixes the vulnerability in the Open5GS codebase. The issue has been fixed by adding proper bounds checking in the handle_scp_info() function to prevent out-of-bounds writes.

Until the patch can be applied, consider restricting or monitoring access to the NRF endpoint to prevent malicious HTTP/2 requests containing crafted NF-profile data.

Additionally, monitor the affected Open5GS network functions for crashes or abnormal behavior that could indicate exploitation attempts.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-10114 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10114. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart