Description
A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been released to the public and may be used for attacks.
References (6)
Core 6
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-353875 | Open5GS CCA Message smf_s6b denial of service
https://vuldb.com/?id.353875
Signature, Permissions Required signature
permissions-required
VDB-353875 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?ctiid.353875
Third Party Advisory third-party-advisory
Submit #771349 | Open5GS SMF v2.7.6 Denial of Service
https://vuldb.com/?submit.771349
Issue Tracking issue-tracking
https://github.com/open5gs/open5gs/issues/4342
Exploit exploit
issue-tracking
https://github.com/open5gs/open5gs/issues/4342#issue-4021772232
Product product
https://github.com/open5gs/open5gs/
Scores
CVSS v3
3.7
EPSS
0.0057
EPSS Percentile
42.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-404
Status
published
Products (2)
n/a/Open5GS
2.7.6
open5gs/open5gs
2.7.6
Published
Mar 27, 2026
Tracked Since
Mar 29, 2026