← back
CVE-2026-15194

Open5GS AMF context.c amf_context_final use after free

CVSS 4.8 MEDIUMCWE-119CWE-416
Vexday Risk Score
30Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS 4.8EPSS KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
09 Jul 2026Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
A security flaw has been discovered in Open5GS 2.7.7. This affects the function amf_context_final of the file src/amf/context.c of the component AMF. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Affected products
n/a · Open5GS
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.