CVE-2026-7779
Open5GS Authentication Subscription DoS Vulnerability
Publication date: 2026-05-04
Last updated on: 2026-05-04
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | to 2.7.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw in Open5GS up to version 2.7.7, specifically in the function udm_nudr_dr_handle_subscription_authentication within the authentication-subscription Endpoint component. It allows an attacker to perform a manipulation that results in a denial of service (DoS). The attack can be executed remotely, and the exploit code has been publicly released.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial of service condition, which means that an attacker can disrupt the normal operation of the affected Open5GS component remotely. This could lead to service outages or degraded performance in systems relying on Open5GS for authentication-subscription services.