CVE-2026-8249
Denial of Service in Open5GS SMF Component
Publication date: 2026-05-10
Last updated on: 2026-05-11
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | to 2.7.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw found in Open5GS up to version 2.7.7, specifically in the function update_authorized_pcc_rule_and_qos within the file /src/smf/npcf-handler.c of the SMF component.
The flaw allows for manipulation that causes a denial of service (DoS) condition. The vulnerability can be exploited remotely, and an exploit has already been published.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial of service, which means that an attacker can disrupt the normal operation of the affected Open5GS SMF component remotely.
This disruption could lead to service unavailability or degradation, potentially affecting network functions that rely on Open5GS.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability causes a denial of service in the Open5GS SMF component by crashing the process when handling malformed requests. This disruption of service could impact the availability of network functions that handle user data.
While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, denial of service incidents can affect compliance by violating availability requirements mandated by these regulations.
However, there is no direct information provided about data breaches, unauthorized access, or data integrity issues related to this vulnerability that would more directly impact compliance with privacy or security controls under these standards.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the Open5GS SMF process for crashes or abnormal termination, specifically looking for fatal errors related to the handling of malformed POST requests to the /nsmf-callback/v1/sm-policy-notify/{smContextRef}/update endpoint.
One indicator is the SMF process exiting with code 139 due to a NULL pointer dereference caused by missing flowDescription fields in the flowInfos array of SmPolicyDecision objects.
To detect exploitation attempts, you can capture and analyze network traffic for malformed POST requests to the mentioned endpoint that omit the required flowDescription field.
- Use system logs or process monitoring tools (e.g., journalctl, systemctl status) to check for SMF crashes or restarts.
- Use tcpdump or Wireshark to capture network traffic targeting the SMF service, filtering for POST requests to /nsmf-callback/v1/sm-policy-notify/*/update.
- Example tcpdump command: tcpdump -i <interface> -A 'tcp port 80 or tcp port 443' | grep 'POST /nsmf-callback/v1/sm-policy-notify/'
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include monitoring and restricting access to the SMF service to prevent malicious malformed requests from reaching it.
Since the vulnerability causes a denial of service through a crash triggered by malformed input, implementing input validation or filtering malformed requests at a network or application firewall level can reduce risk.
Additionally, consider restarting the SMF service if it crashes and monitoring it closely until an official patch or update is released.
Currently, the project has not responded with a fix, so applying any available workarounds or limiting exposure is critical.