CVE-2026-8290
Denial of Service in Open5GS
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | to 2.7.7 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE-2026-8290 vulnerability is a security flaw in Open5GS's Session Management Function (SMF) component. It occurs when the SMF processes a POST request to modify a non-home-routed PDU session without properly validating the session type. This leads to an assertion failure during ASN.1 encoding because the required data structures are empty. As a result, the SMF process crashes with a fatal error (exit code 139) instead of rejecting the request gracefully.
In simpler terms, sending a specially crafted request to modify certain sessions causes the SMF to crash, causing a denial-of-service condition.
How can this vulnerability impact me? :
This vulnerability can cause the Open5GS SMF component to crash remotely when processing specific modification requests. The impact is a denial-of-service (DoS) condition, meaning that the affected service becomes unavailable or stops functioning properly.
An attacker can exploit this flaw by sending a syntactically valid QoS flow modification request to a non-home-routed session, causing the SMF to exit unexpectedly. This can disrupt network session management and potentially affect the availability of services relying on Open5GS.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or unexpected exits of the Open5GS SMF process, especially exit code 139 which indicates a fatal error due to assertion failure.
Detection can also involve capturing and analyzing POST requests sent to the SMF that attempt to modify non-home-routed PDU sessions, as these requests trigger the vulnerability.
A practical approach is to use network traffic capture tools like tcpdump or Wireshark to filter HTTP POST requests to the SMF endpoint and inspect for QoS flow modification requests targeting non-home-routed sessions.
- Use system logs or process monitoring commands such as `journalctl -u open5gs-smf` or `ps` combined with `grep` to check for unexpected SMF crashes.
- Capture network traffic with `tcpdump -i <interface> port 80 or port 443` (adjust ports as needed) to analyze POST requests to the SMF.
- Use `curl` or similar tools to simulate POST requests modifying non-home-routed PDU sessions to test if the SMF crashes.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include monitoring and restricting POST requests that attempt to modify non-home-routed PDU sessions, as these trigger the vulnerability.
Implement network-level filtering or firewall rules to block suspicious or malformed modification requests targeting the SMF.
Ensure that the Open5GS SMF process is closely monitored for crashes and consider automatic restart mechanisms to reduce downtime.
Since the project has not yet responded with a fix, avoid exposing the SMF service to untrusted networks or users until a patch is available.