CVE-2026-7583
Deferred Deferred - Pending Action
Denial of Service in Open5GS via IPv6 Prefix Manipulation

Publication date: 2026-05-01

Last updated on: 2026-05-01

Assigner: VulDB

Description
A flaw has been found in Open5GS up to 2.7.7. This issue affects the function bsf_sess_find_by_ipv6prefix of the file /src/bsf/context.c of the component BSF. This manipulation of the argument ipv6Prefix causes denial of service. It is possible to initiate the attack remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7583
EUVD
EUVD-2026-26661
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
open5gs open5gs to 2.7.7 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-7583 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by monitoring for abnormal crashes or service disruptions of the Open5GS BSF component, specifically looking for the BSF process terminating with exit code 139.

To actively test for the vulnerability, you can send specially crafted HTTP requests to the BSF service that include an ipv6Prefix parameter with a prefix length other than /128, such as /64.

Example commands to test the vulnerability include:

  • Using curl to send a GET request with an invalid ipv6Prefix query parameter: curl "http://<bsf-ip>:<port>/path?ipv6Prefix=2001:db8::1/64"
  • Using curl to send a POST request with an invalid ipv6Prefix in the request body: curl -X POST -d '{"ipv6Prefix":"2001:db8::1/64"}' http://<bsf-ip>:<port>/path

If the BSF process crashes or exits unexpectedly after these requests, it indicates the presence of the vulnerability.

Mitigation Strategies

Immediate mitigation steps include monitoring the BSF service for crashes and avoiding sending or accepting IPv6 prefixes with lengths other than /128 to the BSF component.

Since the vulnerability is triggered by malformed ipv6Prefix arguments, implementing input validation or filtering at the network or application level to block such requests can reduce risk.

Additionally, consider restarting the BSF service if it crashes and monitoring logs for repeated attempts to exploit this issue.

As the project has not yet responded with a patch, stay updated on official releases or advisories from Open5GS for a permanent fix.

Executive Summary

This vulnerability is a flaw in Open5GS up to version 2.7.7, specifically in the function bsf_sess_find_by_ipv6prefix within the BSF component. The issue arises from improper handling of the argument ipv6Prefix, which can be manipulated to cause a denial of service (DoS). The attack can be initiated remotely, and an exploit has already been published.

Impact Analysis

The vulnerability can lead to a denial of service condition, meaning that the affected Open5GS service could become unavailable or unresponsive. Since the attack can be performed remotely, it poses a risk of service disruption without requiring physical access or user interaction.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7583. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart