Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.5
Open5GS MME Memory Corruption via Remote Attack
CVE-2026-2522
Summary
A security weakness in Open5GS version 2.7.6 and earlier could allow an attacker to cause the system to malfunction in unpredictable ways. This means that an attacker could potentially crash the system or steal sensitive information. The Open5GS team has not yet responded to a report of this issue, but it has been made public, so it's a good idea for users to take precautions to protect their systems.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| open5gs | open5gs | <= 2.7.6 | – |
Original title
A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption...
Original description
A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
5.0
nvd CVSS3.1
9.8
nvd CVSS4.0
5.5
Vulnerability type
CWE-119
Buffer Overflow
- https://github.com/open5gs/open5gs/ Product
- https://github.com/open5gs/open5gs/issues/4283 Exploit Issue Tracking Vendor Advisory
- https://github.com/open5gs/open5gs/issues/4283#issue-3807916595 Exploit Issue Tracking Vendor Advisory
- https://vuldb.com/?ctiid.346110 Permissions Required VDB Entry
- https://vuldb.com/?id.346110 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.738336 Third Party Advisory VDB Entry
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026