VYPR

Open5gs

by Open5gs

Source repositories

CVEs (173)

  • CVE-2026-1522Jan 28, 2026
    risk 0.00cvss epss 0.01

    A weakness has been identified in Open5GS up to 2.7.6. This vulnerability affects the function sgwc_s5c_handle_modify_bearer_response of the file src/sgwc/s5c-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack can be launched…

  • CVE-2026-1521Jan 28, 2026
    risk 0.00cvss epss 0.01

    A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_bearer_resource_failure_indication of the file src/sgwc/s5c-handler.c of the component SGWC. Performing a manipulation results in denial of service. The attack can be initiated…

  • CVE-2026-0622Jan 20, 2026
    risk 0.00cvss epss 0.00

    Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable JWT_SECRET_KEY is unset

  • CVE-2025-15539Jan 18, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiated remotely. The exploit…

  • CVE-2025-15532Jan 17, 2026
    risk 0.00cvss epss 0.01

    A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released to the public and may…

  • CVE-2025-15531Jan 17, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Open5GS up to 2.7.5. This vulnerability affects the function sgwc_bearer_add of the file src/sgwc/context.c. The manipulation leads to reachable assertion. The attack is possible to be carried out remotely. The exploit is publicly available and…

  • CVE-2025-15530Jan 17, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was determined in Open5GS up to 2.7.6. This affects the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c. Executing a manipulation can lead to reachable assertion. The attack can be executed remotely. The…

  • CVE-2025-15529Jan 16, 2026
    risk 0.00cvss epss 0.01

    A vulnerability was found in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit…

  • CVE-2025-15528Jan 16, 2026
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to…

  • CVE-2025-15176Dec 29, 2025
    risk 0.00cvss epss 0.01

    A flaw has been found in Open5GS up to 2.7.5. This affects the function decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet of the file lib/pfcp/rule-match.c of the component PFCP Session Establishment Request Handler. Executing a manipulation can lead to reachable assertion. It…

  • CVE-2025-65559Dec 18, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request (type=50), the UPF crashes with a reachable assertion in `lib/pfcp/context.c` (`ogs_pfcp_object_teid_hash_set`) if the CreatePDR?PDI?F-TEID has CH=1 and the F-TEID…

  • CVE-2025-63288Nov 10, 2025
    risk 0.00cvss epss 0.00

    In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in denial of service.

  • CVE-2025-41068Oct 27, 2025
    risk 0.00cvss epss 0.00

    Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The NRF executes a check that…

  • CVE-2025-41067Oct 27, 2025
    risk 0.00cvss epss 0.00

    Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. An SBI request that deletes the NRF's own registry causes a check that ends up crashing the NRF process and renders the discovery service…

  • CVE-2025-55904Sep 17, 2025
    risk 0.00cvss epss 0.00

    Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615, is vulnerable to a NULL pointer dereference when a multipart/related HTTP POST request with an empty HTTP body is sent to the SBI of either AMF, AUSF, BSF, NRF, NSSF, PCF, SMF, UDM, or UDR, resulting in a…

  • CVE-2025-52322Sep 9, 2025
    risk 0.00cvss epss 0.01

    An issue in Open5GS v2.7.2 and before allows a remote attacker to cause a denial of service via a crafted Create Session Request message to the SMF (PGW-C), using the IP address of a legitimate UE in the PDN Address Allocation (PAA) field

  • CVE-2025-52288Sep 8, 2025
    risk 0.00cvss epss 0.00

    Assertion failure in function ngap_build_downlink_nas_transport in file src/amf/ngap-build.c, the Access and Mobility Management Function (AMF) component, in Open5GS thru 2.7.5 allowing attackers to cause a denial of service or other unspecified impacts via repeated UE connect…

  • CVE-2025-9405Aug 25, 2025
    risk 0.00cvss epss 0.01

    A security flaw has been discovered in Open5GS up to 2.7.5. The impacted element is the function gmm_state_exception of the file src/amf/gmm-sm.c. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit has been released to the…

  • CVE-2025-8805Aug 10, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was determined in Open5GS up to 2.7.5. Affected by this issue is the function smf_gsm_state_wait_pfcp_deletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has…

  • CVE-2025-8804Aug 10, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ngap_build_downlink_nas_transport of the component AMF. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the…

Page 5 of 9