CVE-2026-15194
Received Received - Intake

Use After Free in Open5GS AMF Component

Vulnerability report for CVE-2026-15194, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: VulDB

Description

A security flaw has been discovered in Open5GS 2.7.7. This affects the function amf_context_final of the file src/amf/context.c of the component AMF. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
open5gs open5gs 2.7.7

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

This vulnerability can be detected by building an AddressSanitizer-enabled version of the Open5GS AMF component and running a test scenario that triggers the shutdown process where the vulnerability occurs.

During this test, you should monitor the AddressSanitizer logs for a 1-byte read of freed memory error in the `hashfunc_default` function within `lib/core/ogs-hash.c` at line 258.

This detection method requires local access and high privileges since the vulnerability is triggered during the process shutdown.

  • Build Open5GS AMF with AddressSanitizer enabled.
  • Run the AMF and simulate a shutdown (SIGTERM) while a UE is authenticating.
  • Check AddressSanitizer output for use-after-free errors referencing `hashfunc_default` in `ogs-hash.c`.
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-15194 is a Use After Free vulnerability found in the Open5GS 2.7.7 software, specifically in the amf_context_final function of the AMF component. This flaw occurs during the shutdown process when the Access and Mobility Management Function (AMF) is terminated while a User Equipment (UE) is in the middle of authentication.

The root cause is that memory is freed before hash tables are cleared, and during the clearing process, the system attempts to access keys that reference already-freed memory. This leads to a read-after-free condition, which is a type of memory corruption.

The vulnerability is triggered locally with high privileges during normal shutdown and does not require malformed input or remote exploitation.

Impact Analysis

The impact of this vulnerability is considered low severity. It can cause a use-after-free memory read during the shutdown of the AMF component, which may lead to undefined behavior or crashes.

Since the vulnerability requires local access with high privileges and occurs only during shutdown, the risk of exploitation is limited.

There is no evidence of remote exploitability or the need for user interaction, reducing the likelihood of widespread impact.

Mitigation Strategies

Since the vulnerability requires local access with high privileges and occurs during the shutdown process of the AMF component, immediate mitigation steps include restricting local access and privileges to trusted users only.

Avoid performing shutdowns of the AMF component while user equipment is in the middle of authentication to reduce the chance of triggering the vulnerability.

Monitor for updates or patches from the Open5GS project that address this use-after-free issue and apply them as soon as they become available.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15194. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart