Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
1.3
CVE-2026-10565: Open5GS NGAP Handover Allows Remote Attack
CVE-2026-10565
Summary
A security issue in Open5GS's NGAP Handover component allows a remote attacker to potentially exploit a weakness in the system. This could allow an attacker to access or disrupt the system, but the attack is considered complex and difficult to execute. Users should check for updates and apply any available patches to mitigate this risk.
Original title
A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a ma...
Original description
A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.
nvd CVSS2.0
2.1
nvd CVSS3.1
3.1
nvd CVSS4.0
1.3
Vulnerability type
CWE-362
Race Condition
- https://github.com/open5gs/open5gs/
- https://github.com/open5gs/open5gs/issues/4497
- https://github.com/open5gs/open5gs/pull/4501
- https://github.com/user-attachments/files/27111025/N2-SMC-Concurrent.zip
- https://vuldb.com/cve/CVE-2026-10565
- https://vuldb.com/submit/818938
- https://vuldb.com/vuln/367672
- https://vuldb.com/vuln/367672/cti
Published: 2 Jun 2026 · Updated: 2 Jun 2026 · First seen: 2 Jun 2026