CVE-2026-8187

MEDIUM

Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption

Title source: cna

Description

A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. The project was informed of the problem early through an issue report but has not responded yet.

References (5)

Core 5

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-362339 | Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption

https://vuldb.com/vuln/362339

Signature, Permissions Required signature permissions-required

VDB-362339 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/362339/cti

Third Party Advisory third-party-advisory

Submit #800025 | Open5GS 2.7.7 Denial of Service (DoS) (CWE-400)

https://vuldb.com/submit/800025

Issue Tracking issue-tracking

https://github.com/open5gs/open5gs/issues/4492

Product product

https://github.com/open5gs/open5gs/

Scores

CVSS v3 5.3

EPSS 0.0063

EPSS Percentile 45.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-400 CWE-404

Status published

Products (9)

None/Open5GS 2.7.0

None/Open5GS 2.7.1

None/Open5GS 2.7.2

None/Open5GS 2.7.3

None/Open5GS 2.7.4

None/Open5GS 2.7.5

None/Open5GS 2.7.6

None/Open5GS 2.7.7

open5gs/open5gs < 2.7.7

Published May 09, 2026

Tracked Since May 09, 2026