CVE-2026-8186
Received - Intake
Out-of-Bounds Read in Open5GS NF Component

Publication date: 2026-05-09

Last updated on: 2026-05-09

Assigner: VulDB

Description
A vulnerability was detected in Open5GS up to 2.7.7. It affects the function ogs_sbi_client_send_via_scp_or_sepp in lib/sbi/client.c of the component NF. Manipulation results in an out-of-bounds read. The attack can be carried out remotely. The patch is identified as d5bc487fcf9ea87d2b03f2ef95123af344773bfb. Installing the patch is recommended to address this issue.
Meta Information
Published: 2026-05-09
Last Modified: 2026-05-09
Generated: 2026-05-09
AI Q&A: 2026-05-09
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor | Product | Version / Range
open5gs | open5gs | to 2.7.7 (inc)
CWE ID | Description
CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer.
CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
AI Powered Q&A
Can you explain this vulnerability to me?

The CVE-2026-8186 vulnerability is a denial-of-service (DoS) issue in the Open5GS software, specifically in the Service-Based Interface (SBI) client URI handling.

The problem occurs when a callback URI lacks a path component (for example, using "http://host:port" instead of "http://host:port/path"). The function ogs_sbi_client_send_via_scp_or_sepp() calls ogs_sbi_getpath_from_uri() to extract the path but does not check if the extraction was successful.

If the URI has no path, ogs_sbi_getpath_from_uri() returns false with the path set to NULL, causing an assertion failure (ogs_assert(path)) that aborts the process. This allows a remote denial-of-service against any SBI-based Network Function (NF).

The vulnerability affects Open5GS versions 2.7.5, 2.7.6, and 2.7.7 and was fixed by adding proper error handling to check the URI path extraction result and avoid aborting the process.


How can this vulnerability impact me?

This vulnerability can be exploited remotely to cause a denial-of-service (DoS) condition in the Open5GS network functions that use the Service-Based Interface (SBI).

An attacker can send a malformed callback URI without a path component, triggering the vulnerable function to abort the process, which crashes the affected network function.

This results in service disruption or downtime for the affected 5G core network components, potentially impacting network availability and reliability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for crashes or denial-of-service symptoms in the Open5GS Network Function (NF) components, especially those using the Service-Based Interface (SBI) client. The issue occurs when a callback URI without a path component is processed, causing the NF to abort.

To detect attempts to exploit this vulnerability, you can look for logs or error messages related to malformed URIs or assertion failures in the SBI client logs.

Specific commands are not provided in the resources, but general approaches include:

  • Checking Open5GS logs for errors related to URI parsing or assertion failures in the function ogs_sbi_client_send_via_scp_or_sepp.
  • Using network monitoring tools (e.g., tcpdump, Wireshark) to capture and analyze SBI traffic for URIs lacking path components.
  • Running Open5GS in a debug mode or with increased logging to capture detailed information about URI handling.

What immediate steps should I take to mitigate this vulnerability?

The immediate step to mitigate this vulnerability is to apply the patch identified by commit d5bc487fcf9ea87d2b03f2ef95123af344773bfb to your Open5GS installation.

This patch modifies the function ogs_sbi_client_send_via_scp_or_sepp() to properly handle URIs without path components by logging the error and returning false instead of aborting the process.

If patching immediately is not possible, consider monitoring and blocking malformed SBI callback URIs that lack path components to prevent triggering the denial-of-service condition.

Additionally, ensure your Open5GS version is updated beyond v2.7.7, as versions v2.7.5, v2.7.6, and v2.7.7 are affected.
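
The error-handling pattern described above (check the path-extraction result, log, and return false rather than assert), as an added example that is not Open5GS code or the upstream patch. The names getpath_from_uri and build_proxied_target, the proxy base URL and the sample URIs are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a URI path extractor (not the Open5GS function).
 * Returns true and points *path at the path inside uri; returns false and
 * leaves *path NULL when the URI has no path component. */
static bool getpath_from_uri(const char **path, const char *uri)
{
    const char *authority;

    *path = NULL;
    if (!uri || !(authority = strstr(uri, "://")))
        return false;
    *path = strchr(authority + 3, '/');   /* first '/' after host[:port] */
    return *path != NULL;
}

/* Builds "<proxy_base><path>" into out. A pathless callback URI is logged
 * and rejected with false; the process keeps running. */
bool build_proxied_target(const char *proxy_base, const char *callback_uri,
                          char *out, size_t outlen)
{
    const char *path = NULL;
    int n;

    if (!getpath_from_uri(&path, callback_uri)) {
        fprintf(stderr, "invalid callback URI (no path): %s\n",
                callback_uri ? callback_uri : "(null)");
        return false;                     /* error return instead of assert(path) */
    }
    n = snprintf(out, outlen, "%s%s", proxy_base, path);
    return n >= 0 && (size_t)n < outlen;  /* also reject truncated output */
}

int main(void)
{
    char buf[128];
    /* Constructed sample inputs. */
    const char *ok = "http://10.0.0.5:7777/namf-callback/v1/notify";
    const char *bad = "http://10.0.0.5:7777";

    printf("%d\n", build_proxied_target("http://scp.example:7777", ok, buf, sizeof buf));
    printf("%d\n", build_proxied_target("http://scp.example:7777", bad, buf, sizeof buf));
    return 0;
}
```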


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not include any details on how the CVE-2026-8186 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

