CVE-2026-7585
Awaiting Analysis Awaiting Analysis - Queue
Denial of Service in Open5GS AMF Component

Publication date: 2026-05-01

Last updated on: 2026-05-07

Assigner: VulDB

Description
A vulnerability was determined in Open5GS up to 2.7.7. The impacted element is the function amf_nudm_sdm_handle_provisioned of the file /src/amf/nudm-handler.c of the component AMF. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7585
EUVD
EUVD-2026-26679
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
open5gs open5gs to 2.7.7 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in Open5GS up to version 2.7.7, specifically in the function amf_nudm_sdm_handle_provisioned within the AMF component. It allows an attacker to remotely manipulate the function, which can lead to a denial of service condition.

Impact Analysis

The impact of this vulnerability is a denial of service, meaning that an attacker can remotely cause the affected system to become unavailable or stop functioning properly.

Detection Guidance

This vulnerability can be detected by monitoring the AMF component of Open5GS for crashes or abnormal termination, specifically exit code 134, which indicates an assertion failure caused by a buffer overflow in handling the defaultSingleNssais list.

Detection can involve capturing and analyzing 5G registration procedures where the AMF retrieves subscriber data from the UDM. Look for unusually large defaultSingleNssais lists in the nudm-sdm am-data responses.

While no specific commands are provided in the resources, you can use standard Linux commands to monitor the Open5GS AMF process logs and status, such as:

  • journalctl -u open5gs-amf.service -f # To follow AMF service logs in real-time
  • ps aux | grep open5gs-amf # To check if the AMF process is running
  • grep -i 'assertion failed' /var/log/open5gs/amf.log # To find assertion failure messages

Additionally, network packet capture tools like tcpdump or Wireshark can be used to inspect the 5G registration messages for oversized defaultSingleNssais lists.

Mitigation Strategies

Immediate mitigation steps include monitoring and restricting the size of the defaultSingleNssais list returned by the UDM to the AMF to ensure it does not exceed the maximum allowed entries (8).

Since the vulnerability arises from a buffer overflow due to lack of bounds checking, applying any available patches or updates from the Open5GS project that address this issue is critical.

If no patch is available yet, consider implementing network-level protections to filter or block malicious UE registration attempts that send oversized defaultSingleNssais lists.

Also, monitor the AMF process for crashes and restart it promptly to minimize service disruption.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7585. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart