Medium severity5.3NVD Advisory· Published May 9, 2026· Updated May 13, 2026
CVE-2026-8186
CVE-2026-8186
Description
A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogs_sbi_client_send_via_scp_or_sepp in the library lib/sbi/client.c of the component NF. Performing a manipulation results in out-of-bounds read. The attack is possible to be carried out remotely. The patch is named d5bc487fcf9ea87d2b03f2ef95123af344773bfb. It is suggested to install a patch to address this issue.
Affected products
1Patches
2d5bc487fcf9esbi: prevent NF crash on callback URI without path component
1 file changed · +5 −0
lib/sbi/client.c+5 −0 modified@@ -834,6 +834,11 @@ bool ogs_sbi_client_send_via_scp_or_sepp( ogs_assert(apiroot); rc = ogs_sbi_getpath_from_uri(&path, request->h.uri); + if (rc == false) { + ogs_error("Cannot extract path from URI [%s]", request->h.uri); + ogs_free(apiroot); + return false; + } ogs_assert(path); request->h.uri = ogs_msprintf("%s/%s", apiroot, path);
b299356c8356sbi: prevent NF crash on callback URI without path component
1 file changed · +5 −0
lib/sbi/client.c+5 −0 modified@@ -834,6 +834,11 @@ bool ogs_sbi_client_send_via_scp_or_sepp( ogs_assert(apiroot); rc = ogs_sbi_getpath_from_uri(&path, request->h.uri); + if (rc == false) { + ogs_error("Cannot extract path from URI [%s]", request->h.uri); + ogs_free(apiroot); + return false; + } ogs_assert(path); request->h.uri = ogs_msprintf("%s/%s", apiroot, path);
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/open5gs/open5gs/commit/d5bc487fcf9ea87d2b03f2ef95123af344773bfbnvdPatch
- github.com/open5gs/open5gs/pull/4496nvdIssue TrackingPatch
- github.com/open5gs/open5gs/issues/4491nvdExploitIssue Tracking
- vuldb.com/submit/800024nvdThird Party AdvisoryVDB Entry
- vuldb.com/vuln/362338nvdThird Party AdvisoryVDB Entry
- vuldb.com/vuln/362338/ctinvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.