← back
CVE-2026-15720

Pre-auth heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler

CVSS 8.6 HIGHCWE-125
Vexday Risk Score
18Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
14 Jul 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Open5GS through version 2.7.7 a pre-authentication heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler may result in subscriber-wide denial of service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected products
open5gs · open5gs