CVE-2026-4988

LOW

Open5GS CCA Message smf_s6b denial of service

Title source: cna

Description

A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been released to the public and may be used for attacks.

References (6)

[Vdb Entry, Technical Description] https://vuldb.com/?id.353875

[Signature, Permissions Required] https://vuldb.com/?ctiid.353875

[Third Party Advisory] https://vuldb.com/?submit.771349

[Issue Tracking] https://github.com/open5gs/open5gs/issues/4342

[Exploit] https://github.com/open5gs/open5gs/issues/4342#issue-4021772232

[Product] https://github.com/open5gs/open5gs/

Scores

CVSS v3 3.7

EPSS 0.0007

EPSS Percentile 21.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-404

Status published

Products (2)

n/a/Open5GS 2.7.6

open5gs/open5gs 2.7.6

Published Mar 27, 2026

Tracked Since Mar 29, 2026