Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.5
Open5GS: Remote denial-of-service attack possible through GTP2 parsing flaw
CVE-2026-2517
Summary
A flaw has been found in Open5GS versions up to 2.7.6 that could allow a remote attacker to crash the system. This vulnerability affects the way Open5GS handles certain network traffic, which could lead to a denial-of-service attack. Users should update to the latest version of Open5GS as soon as possible to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| open5gs | open5gs | <= 2.7.6 | – |
Original title
A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogs_gtp2_parse_tft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulat...
Original description
A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogs_gtp2_parse_tft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf[0].content.length results in denial of service. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
5.0
nvd CVSS3.1
7.5
nvd CVSS4.0
5.5
Vulnerability type
CWE-404
- https://github.com/open5gs/open5gs/ Product
- https://github.com/open5gs/open5gs/issues/4281 Exploit Issue Tracking Vendor Advisory
- https://github.com/open5gs/open5gs/issues/4281#issue-3807802287 Exploit Issue Tracking Vendor Advisory
- https://vuldb.com/?ctiid.346108 Permissions Required VDB Entry
- https://vuldb.com/?id.346108 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.738332 Third Party Advisory VDB Entry
Published: 15 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026