Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.5
Open5GS 2.7.6: Assertion Error Allows Remote Attack
CVE-2026-2523
Summary
A security weakness in Open5GS versions up to 2.7.6 can be exploited by hackers to access or disrupt the system remotely. This means an attacker can potentially take control of or crash the system. We recommend updating to a patched version of Open5GS as soon as possible to protect against this vulnerability.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| open5gs | open5gs | <= 2.7.6 | – |
Original title
A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF. The manipu...
Original description
A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
5.0
nvd CVSS3.1
7.5
nvd CVSS4.0
5.5
Vulnerability type
CWE-617
- https://github.com/open5gs/open5gs/ Product
- https://github.com/open5gs/open5gs/issues/4285 Exploit Issue Tracking Vendor Advisory
- https://github.com/open5gs/open5gs/issues/4285#issue-3809055236 Exploit Issue Tracking Vendor Advisory
- https://vuldb.com/?ctiid.346111 Permissions Required VDB Entry
- https://vuldb.com/?id.346111 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.738342 Third Party Advisory VDB Entry
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026