CVE-2026-8121

Open5GS NSSF conv.c ogs_sbi_parse_plmn_list denial of service

CVSS 5.3 MEDIUMEPSS 0.4%CWE-404

Vexday Risk Score

33Atenção

Decisão SSVC (CISA)

Attend

PoC disponível → acompanhar de perto

CVSS 5.3EPSS 0.4%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Ciclo de vida

08 mai 2026Publicada no NVD

Recomendação: Planejar correção próxima — já existe PoC pública.

A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to denial of service. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Produtos afetados

n/a · Open5GS

PoCs públicas encontradas — 1

cve_referencegithub.com/open5gs/open5gs/issues/4433não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/open5gs/open5gs/https://github.com/open5gs/open5gs/issues/4433 https://vuldb.com/submit/808422 https://vuldb.com/submit/808424 https://vuldb.com/vuln/361908 https://vuldb.com/vuln/361908/cti