CVE-2026-8121
Denial of Service in Open5GS NSSF Component
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | to 2.7.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
The CVE-2026-8121 vulnerability is a flaw in the Open5GS software, specifically in the Network Slice Selection Function (NSSF) component. It occurs when the NSSF processes a malformed 'target-plmn-list' parameter in a GET request. The function ogs_sbi_parse_plmn_list fails to properly handle invalid JSON input, leading to a null pointer dereference and an assertion failure. This causes the NSSF process to crash abruptly with an exit code 139 and a 'Connection reset by peer' error.
The vulnerability is not limited to the 'target-plmn-list' parameter but also affects the 'requester-plmn-list' since the same parser is used. Instead of rejecting malformed input with an error response, the NSSF crashes, disrupting its normal operation.
How can this vulnerability impact me? :
This vulnerability can cause a denial of service by crashing the NSSF component of Open5GS when it receives malformed input. Since the NSSF is responsible for network slice selection, its abrupt termination can disrupt network slice selection operations, potentially affecting the availability and reliability of network services that depend on Open5GS.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or abnormal terminations of the Network Slice Selection Function (NSSF) process in Open5GS, especially when it processes malformed JSON input in the target-plmn-list or requester-plmn-list parameters.
Specifically, look for the NSSF process exiting abruptly with exit code 139 and errors such as "Connection reset by peer" in logs.
To test for the vulnerability, you can send a malformed GET request to the endpoint /nnssf-nsselection/v2/network-slice-information with an invalid JSON in the target-plmn-list parameter and observe if the NSSF crashes.
- Example curl command to test the vulnerability: curl -X GET 'http://<nssf-ip>:<port>/nnssf-nsselection/v2/network-slice-information' -H 'Content-Type: application/json' -d '{"target-plmn-list": "malformed-json"}'
Monitoring system logs for exit code 139 or 'Connection reset by peer' messages related to the NSSF process can also help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the NSSF service endpoint to trusted sources only, to reduce the risk of remote exploitation.
Implement input validation or filtering at a network or application firewall level to block malformed JSON requests targeting the /nnssf-nsselection/v2/network-slice-information endpoint.
Monitor the NSSF process for crashes and restart it promptly if it terminates unexpectedly to maintain service availability.
Since the project has not yet responded with a patch, consider applying custom patches or workarounds if available, or isolate the vulnerable component until a fix is released.