CVE-2026-8292
Received - Intake
Denial of Service in Open5GS NRF via URI Parsing

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: VulDB

Description
A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarel_parse in the library /lib/sbi/conv.c of the component NRF. Manipulation of the argument hnrf-uri leads to denial of service. The attack can be performed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Meta Information
Published: 2026-05-11
Last Modified: 2026-05-11
Generated: 2026-05-11
AI Q&A: 2026-05-11
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: open5gs
Product: open5gs
Version / Range: to 2.7.7 (inc)
CWE-404: The product does not release or incorrectly releases a resource before it is made available for re-use.
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sending a specially crafted GET request to the Network Repository Function (NRF) endpoint `/nnrf-disc/v1/nf-instances` with an invalid `hnrf-uri` query parameter. If the NRF process crashes or terminates unexpectedly with exit code 139, it indicates the presence of the vulnerability.

One way to test this is with curl, sending a malformed value for the parameter:

  • curl -X GET 'http://<NRF_IP>:<NRF_PORT>/nnrf-disc/v1/nf-instances?hnrf-uri=malformed_value'

Can you explain this vulnerability to me?

CVE-2026-8292 is a security vulnerability in Open5GS up to version 2.7.7, specifically in the Network Repository Function (NRF) component. The issue occurs in the function yuarel_parse within the library /lib/sbi/conv.c when processing the hnrf-uri argument. If an invalid hnrf-uri is provided in a GET request to the NRF, the system attempts to parse it but fails, leading to a null pointer dereference. This causes the NRF process to crash and terminate unexpectedly.

The vulnerability can be triggered remotely by sending a malformed hnrf-uri query parameter, which causes the NRF to exit with an error instead of handling the invalid input gracefully.


How can this vulnerability impact me?

This vulnerability can lead to a denial of service (DoS) condition in the Open5GS NRF component. When exploited, the NRF process crashes and stops running, which can disrupt network functions relying on it.

Such a crash can cause service interruptions, degrade network reliability, and potentially impact users or systems dependent on the NRF for network discovery and management.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include avoiding sending or accepting requests with malformed `hnrf-uri` parameters to the NRF component to prevent crashes.

Since the project has not yet responded with a fix, monitoring the NRF process for crashes and implementing network-level filtering or input validation to block malformed requests can help reduce risk.

Additionally, consider isolating the NRF service or applying rate limiting to reduce exposure to remote attacks exploiting this vulnerability.
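
The input validation mentioned above could sit in a filtering layer in front of the NRF. The following is an added example, not Open5GS code and not part of the advisory. The page does not say which values yuarel_parse mishandles, so the allow-list (absolute http/https URI, non-empty host, valid port) is an assumption, and the function names and sample requests are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

DISCOVERY_PATH = "/nnrf-disc/v1/nf-instances"  # endpoint named in the advisory
PARAM = "hnrf-uri"                             # parameter named in the advisory


def hnrf_uri_is_wellformed(value: str) -> bool:
    """Assumed allow-list: absolute http(s) URI, non-empty host, valid port."""
    if not value or len(value) > 2048:
        return False
    # Reject whitespace and control characters before urlsplit can strip them.
    if any(c.isspace() or ord(c) < 0x20 for c in value):
        return False
    try:
        parts = urlsplit(value)
        port = parts.port  # ValueError on a non-numeric or out-of-range port
    except ValueError:     # also raised for an unbalanced IPv6 bracket
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    return port is None or 1 <= port <= 65535


def should_forward(request_target: str) -> bool:
    """Return True if the request target may be passed on to the NRF."""
    try:
        target = urlsplit(request_target)
    except ValueError:
        return False
    if target.path != DISCOVERY_PATH:
        return True  # this filter only guards the discovery endpoint
    # keep_blank_values so that an empty "hnrf-uri=" is seen and rejected
    values = parse_qs(target.query, keep_blank_values=True).get(PARAM, [])
    return all(hnrf_uri_is_wellformed(v) for v in values)


# Constructed sample request targets (not captured traffic).
SAMPLES = [
    "/nnrf-disc/v1/nf-instances?target-nf-type=AMF",
    "/nnrf-disc/v1/nf-instances?hnrf-uri=http%3A%2F%2Fnrf.home.example%3A7777",
    "/nnrf-disc/v1/nf-instances?hnrf-uri=malformed_value",
    "/nnrf-disc/v1/nf-instances?hnrf-uri=",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("forward" if should_forward(sample) else "block  ", sample)
```

Path matching here is exact; a deployed filter has to normalise the request path the same way the NRF does, or the check can be sidestepped.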

