CVE-2026-8251
Undergoing Analysis Undergoing Analysis - In Progress
Denial of Service in Open5GS SMF Component

Publication date: 2026-05-10

Last updated on: 2026-05-10

Assigner: VulDB

Description
A vulnerability was found in Open5GS up to 2.7.7. This impacts the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation results in denial of service. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-10
Last Modified
2026-05-10
Generated
2026-06-20
AI Q&A
2026-05-11
EPSS Evaluated
2026-06-19
NVD
CVE-2026-8251
EUVD
EUVD-2026-29005
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
open5gs open5gs to 2.7.7 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Open5GS up to version 2.7.7, specifically in the function update_authorized_pcc_rule_and_qos within the file /src/smf/npcf-handler.c of the SMF component.

An attacker can remotely manipulate this function to cause a denial of service condition.

The exploit for this vulnerability has been made public, and the project has been informed but has not yet responded.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) attack, which can disrupt the normal operation of the affected Open5GS SMF component.

Since the attack can be performed remotely, it could potentially allow an attacker to interrupt service availability without requiring local access.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by monitoring the behavior of the Open5GS Session Management Function (SMF) for crashes or denial-of-service symptoms when processing sm-policy-notify callbacks containing PCC rules.

Specifically, if the SMF process exits with code 139 and resets connections, it may indicate an attempt to exploit this vulnerability by sending an oversized pccRules map (more than 8 entries) in the sm-policy-notify callback.

To detect this on your system, you can check SMF logs for assertion failures related to pcc_rule->num_of_flow == 0 or monitor for unexpected SMF process crashes.

While no exact commands are provided, you can use standard Linux commands such as:

  • journalctl -u open5gs-smf.service -f # To follow SMF logs in real time
  • ps aux | grep open5gs-smf # To check if the SMF process is running
  • dmesg | grep open5gs # To check kernel logs for crashes
  • Monitoring network traffic for unusually large or malformed sm-policy-notify messages with more than 8 PCC rules could also help detect exploitation attempts.
Mitigation Strategies

Immediate mitigation steps include preventing the SMF from processing oversized pccRules arrays that exceed the maximum capacity of 8 entries.

Since the vulnerability is caused by lack of input validation on the size of the pccRules array, you should:

  • Implement input validation or filtering at the network edge or within the SMF to reject sm-policy-notify messages containing more than 8 PCC rules.
  • Monitor and restrict incoming sm-policy-notify callbacks to trusted sources only.
  • If possible, apply any patches or updates from the Open5GS project once they become available.

Until an official fix is released, consider deploying network-level protections such as firewall rules or intrusion detection systems to detect and block exploit attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8251. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart