CVE-2026-8730
Description
A flaw has been found in Open5GS up to 2.7.6. It affects the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/context.c of the component NRF. Manipulating the argument nfInstanceId can lead to denial of service. The attack can be performed remotely. An exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing input validation in Open5GS NRF allows remote attackers to cause a denial of service via a crafted PUT request without the required nfInstanceId.
Vulnerability
A flaw exists in Open5GS up to version 2.7.6, specifically in the NRF component's function ogs_sbi_nf_instance_set_id in /lib/sbi/context.c. When handling a PUT request to /nnrf-nfm/v1/nf-instances, the code does not verify that the nfInstanceId path component is present before calling the setter, which asserts a non-NULL pointer. This leads to an assertion failure and process abort [1].
Exploitation
An attacker can exploit this remotely by sending a PUT request to the NRF endpoint without the required {nfInstanceId} in the URL path. No authentication is required. The attack can be performed using a simple curl command: curl --http2-prior-knowledge -X PUT http:///nnrf-nfm/v1/nf-instances. The NRF process crashes immediately upon receiving the request [1].
Impact
Successful exploitation causes the NRF process to terminate with a fatal assertion error (exit code 139), resulting in a denial of service. The NRF is a critical component in the 5G core network; its unavailability disrupts network function registration and discovery, affecting overall network operations [1].
Mitigation
As of the publication date, no official fix has been released. The project was informed via issue report but has not responded. The vulnerability affects Open5GS up to version 2.7.6. Users should monitor the repository for patches or consider implementing input validation to reject requests missing the required path component [1] [2].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
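The input validation suggested under Mitigation, as an added example: a simplified stand-alone model, not Open5GS code and not taken from the cited issue. All function names are hypothetical, and the nfInstanceId is assumed to be a canonical UUID string.

```c
/* Added illustration: simplified model, not Open5GS source; all names are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PARTS 5

/* nfInstanceId is assumed to be a canonical 36-character UUID string. */
static int is_uuid(const char *s)
{
    if (!s || strlen(s) != 36) return 0;
    for (int i = 0; i < 36; i++) {
        int dash = (i == 8 || i == 13 || i == 18 || i == 23);
        if (dash ? s[i] != '-' : !isxdigit((unsigned char)s[i])) return 0;
    }
    return 1;
}

/* Stand-in for a setter that asserts a non-NULL id, as the page describes. */
static void set_nf_instance_id(char dst[37], const char *id)
{
    if (!id) abort();
    snprintf(dst, 37, "%s", id);
}

/* Returns the HTTP status for a PUT on url_path; fills stored_id on success. */
int handle_nf_instance_put(const char *url_path, char stored_id[37])
{
    char buf[256], *part[MAX_PARTS] = {0};
    int n = 0;
    if (strlen(url_path) >= sizeof(buf)) return 414;
    strcpy(buf, url_path);
    for (char *t = strtok(buf, "/"); t && n < MAX_PARTS; t = strtok(NULL, "/"))
        part[n++] = t;
    if (n < 3 || strcmp(part[0], "nnrf-nfm") || strcmp(part[1], "v1") ||
        strcmp(part[2], "nf-instances"))
        return 404;
    /* Reject a missing, extra or malformed id before the setter is reached. */
    if (n != 4 || !is_uuid(part[3])) return 400;
    set_nf_instance_id(stored_id, part[3]);
    return 200;
}

int main(void)
{
    char id[37] = "";
    printf("%d\n", handle_nf_instance_put("/nnrf-nfm/v1/nf-instances", id));
    return 0;
}
```

The handler answers 400 for a path that ends at nf-instances, so the asserting setter is never called with a NULL id.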
Affected products: 2
Patches: 0
No patches discovered yet.
References (4)
- github.com/open5gs/open5gs/issues/4462 (nvd: Exploit, Issue Tracking)
- vuldb.com/submit/808514 (nvd: Third Party Advisory, VDB Entry)
- vuldb.com/vuln/364319 (nvd: Third Party Advisory, VDB Entry)
- vuldb.com/vuln/364319/cti (nvd: Permissions Required, VDB Entry)