A vulnerability was found in Open5GS up to 2.7.7. This impacts the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation results in denial of service. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
References
| Link | Resource |
|---|---|
| https://github.com/open5gs/open5gs/ | Product |
| https://github.com/open5gs/open5gs/issues/4445 | Exploit Issue Tracking |
| https://vuldb.com/submit/808480 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/362548 | Third Party Advisory VDB Entry |
| https://vuldb.com/vuln/362548/cti | Permissions Required VDB Entry |
Configurations
History
12 May 2026, 17:35
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Open5gs
Open5gs open5gs |
|
| CPE | cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:* | |
| References | () https://github.com/open5gs/open5gs/ - Product | |
| References | () https://github.com/open5gs/open5gs/issues/4445 - Exploit, Issue Tracking | |
| References | () https://vuldb.com/submit/808480 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/362548 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/vuln/362548/cti - Permissions Required, VDB Entry |
10 May 2026, 23:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-10 23:16
Updated : 2026-05-12 17:35
NVD link : CVE-2026-8251
Mitre link : CVE-2026-8251
CVE.ORG link : CVE-2026-8251
JSON object : View
Products Affected
open5gs
- open5gs
CWE
CWE-404
Improper Resource Shutdown or Release