CVE-2026-1521

MEDIUM

open5gs < 2.7.6 - Denial of Service in SGWC Bearer Resource Failure Indication Handler

Title source: llm

Description

A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_bearer_resource_failure_indication of the file src/sgwc/s5c-handler.c of the component SGWC. Performing a manipulation results in denial of service. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The patch is named 69b53add90a9479d7960b822fc60601d659c328b. It is recommended to apply a patch to fix this issue.

References (8)

Core 8

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.343192

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.343192

Third Party Advisory, VDB Entry, Exploit third-party-advisory

https://vuldb.com/?submit.738370

Exploit, Issue Tracking, Vendor Advisory issue-tracking

https://github.com/open5gs/open5gs/issues/4268

Issue Tracking, Exploit, Vendor Advisory issue-tracking

https://github.com/open5gs/open5gs/issues/4268#event-21989483261

Exploit, Issue Tracking, Vendor Advisory exploit issue-tracking

https://github.com/open5gs/open5gs/issues/4268#issue-3795012861

Patch patch

https://github.com/open5gs/open5gs/commit/69b53add90a9479d7960b822fc60601d659c328b

View Patch ZIP pw:eip

Various Sources product

https://github.com/open5gs/open5gs/

Scores

CVSS v3 5.3

EPSS 0.0051

EPSS Percentile 39.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-404

Status published

Products (1)

open5gs/open5gs < 2.7.6

Published Jan 28, 2026

Tracked Since Feb 18, 2026