← back
CVE-2026-2523

Open5GS SMF gn-handler.c smf_gn_handle_create_pdp_context_request assertion

CVSS 6.9 MEDIUMEPSS 0.5%CWE-617
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.9EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 Feb 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
n/a · Open5GS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/open5gs/open5gs/https://github.com/open5gs/open5gs/issues/4285https://github.com/open5gs/open5gs/issues/4285#issue-3809055236https://vuldb.com/?ctiid.346111https://vuldb.com/?id.346111https://vuldb.com/?submit.738342