CVE-2026-10565

LOW

Open5GS NGAP Handover gmm-sm.c gmm_state_security_mode race condition

Title source: cna

Description

A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.

References (8)

Core 8

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-367672 | Open5GS NGAP Handover gmm-sm.c gmm_state_security_mode race condition

https://vuldb.com/vuln/367672

Signature, Permissions Required signature permissions-required

VDB-367672 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/367672/cti

Third Party Advisory third-party-advisory

CVE-2026-10565 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-10565

Third Party Advisory third-party-advisory

Submit #818938 | open5gs v2.7.6 Race Condition

https://vuldb.com/submit/818938

Issue Tracking issue-tracking

https://github.com/open5gs/open5gs/issues/4497

Patch issue-tracking patch

https://github.com/open5gs/open5gs/pull/4501

Exploit exploit

https://github.com/user-attachments/files/27111025/N2-SMC-Concurrent.zip

Product product

https://github.com/open5gs/open5gs/

Scores

CVSS v3 3.1

EPSS 0.0022

EPSS Percentile 12.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-362

Status published

Products (7)

None/Open5GS 2.7.0

None/Open5GS 2.7.1

None/Open5GS 2.7.2

None/Open5GS 2.7.3

None/Open5GS 2.7.4

None/Open5GS 2.7.5

None/Open5GS 2.7.6

Published Jun 02, 2026

Tracked Since Jun 02, 2026