CVE-2026-8123
Analyzed Analyzed - Analysis Complete
Open5GS NSSF Denial of Service Vulnerability

Publication date: 2026-05-08

Last updated on: 2026-05-11

Assigner: VulDB

Description
A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-11
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-8123
EUVD
EUVD-2026-28481
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
open5gs open5gs to 2.7.7 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Immediate mitigation steps include monitoring and restricting incoming requests to the NSSF component to prevent oversized `snssais` query parameters from reaching the service.

Implement network-level filtering or rate limiting to block or limit suspicious requests targeting the `/nnssf-nsselection/v2/network-slice-information` endpoint with unusually large `snssais` parameters.

Additionally, consider isolating or restarting the NSSF process promptly if a crash is detected to minimize service disruption.

Since the project has not yet responded with a fix, closely monitor the official Open5GS repository or issue tracker for patches or updates addressing this vulnerability.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability exists in Open5GS up to version 2.7.7, specifically in the Network Slice Selection Function (NSSF) component. It occurs in the function ogs_sbi_discovery_option_add_snssais within the library /lib/sbi/message.c. The issue arises when the system processes a GET request containing an oversized 'snssais' query parameter. Instead of handling the oversized input gracefully, the request parser triggers a fatal assertion due to exceeding the maximum allowed number of slice entries, causing the NSSF process to crash and terminate unexpectedly.

This crash results in a denial of service condition, and the attack can be initiated remotely by sending a specially crafted request. The vulnerability has been publicly disclosed and the project has not yet responded to the issue.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition. An attacker can remotely send a crafted request with an oversized 'snssais' parameter, causing the NSSF component of Open5GS to crash and terminate. This disrupts the normal operation of the network slice selection function, potentially leading to service interruptions or outages in systems relying on Open5GS for network slicing.

Detection Guidance

This vulnerability can be detected by monitoring for crashes or abnormal terminations of the Open5GS NSSF process, especially when it processes GET requests to the endpoint `/nnssf-nsselection/v2/network-slice-information`.

Specifically, sending a crafted GET request with an oversized `snssais` query parameter exceeding the limit defined by `OGS_MAX_NUM_OF_SLICE` can trigger the vulnerability and cause the NSSF process to crash.

A detection command example using curl to test this could be:

  • curl -v "http://<open5gs-nssf-ip>:<port>/nnssf-nsselection/v2/network-slice-information?snssais=<oversized_list>"

Where `<oversized_list>` is a list of SNSSAI entries exceeding the allowed maximum. Observing the NSSF process crash or exit code 139 after this request indicates the presence of the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8123. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart