CVE-2026-2524

EUVD-2026-6137
A flaw has been found in Open5GS 2.7.6. The impacted element is the function mme_s11_handle_create_session_response of the component MME. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
5.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
open5gsopen5gs
2.7.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/open5gs/open5gs/
https://github.com/open5gs/open5gs/issues/4284
https://github.com/open5gs/open5gs/issues/4284#issue-3808462406
https://vuldb.com/?ctiid.346112
https://vuldb.com/?id.346112
https://vuldb.com/?submit.738369