A vulnerability was identified in Open5GS up to 2.7.6. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is a188e36b1741ffc2252133f59b1bda4f14d3cb5c. It is suggested to install a patch to address this issue.
{
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "2.7.3"
},
{
"last_affected": "2.7.3"
},
{
"introduced": "2.7.4"
},
{
"last_affected": "2.7.4"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/10xxx/CVE-2026-10157.json",
"cna_assigner": "VulDB",
"cwe_ids": [
"CWE-287"
]
}{
"source": [
"AFFECTED_FIELD",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "2.7.0"
},
{
"last_affected": "2.7.0"
},
{
"introduced": "2.7.1"
},
{
"last_affected": "2.7.1"
},
{
"introduced": "2.7.2"
},
{
"last_affected": "2.7.2"
},
{
"introduced": "2.7.5"
},
{
"last_affected": "2.7.5"
},
{
"introduced": "2.7.6"
},
{
"last_affected": "2.7.6"
}
]
}"2026-07-09T19:18:38Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10157.json"
[
{
"id": "CVE-2026-10157-072374e4",
"digest": {
"line_hashes": [
"150929632031874655718009513920389086018",
"285635071149193599404114335968772551311",
"3594017320476315394174733802488837635",
"53457945338115391341232866543119495789"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
"deprecated": false,
"target": {
"file": "src/amf/context.h"
}
},
{
"id": "CVE-2026-10157-1da233d3",
"digest": {
"line_hashes": [
"24737322982243616876889242969917164757",
"54180955179008314870401268591472994322",
"218275235828111296606094642867663350342",
"27815801905710733471512820518010165605",
"328562073431045921704065085870040890949",
"179361997216220060391879783896961576810",
"1230830778953317611583522639387529533",
"303148798063614341293880820545280720723",
"45770623573584605955575199961930106804",
"340000184317965661512597398102725061063",
"215068346342979723044613360588235929189",
"311895432932596206126697257189720923636",
"265227157028862115240507756606513675784",
"163596729535424099095531907675832430825",
"110814527376966594943609866317112493368",
"282290698565140471280859226900921593569",
"93935938512041780105051592202932431560",
"190966576021060013200534487826888203102",
"49293478092108574928000583255048120124",
"180017938708823970779473952254322087378",
"200105091125527225532604794552334641074",
"164198326559565780497773205854609706890",
"122828563251255602906613318701441469780",
"96994373758194355686729107890516029526",
"332874592974861466501368146606348830939",
"165874383411278730501335553999084037322",
"22596409650222641482842258360145792518",
"190825708754393632040029558849196405159",
"127869349451372553653756701903446609957",
"19618792144580709253567321683174070501",
"130991688982800049531532762727907844366",
"31392423440239944931824967718484582500"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
"deprecated": false,
"target": {
"file": "src/amf/ngap-handler.c"
}
},
{
"id": "CVE-2026-10157-35a96d90",
"digest": {
"function_hash": "23480692765342341723963253929478955313",
"length": 4401.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
"deprecated": false,
"target": {
"function": "ngap_build_path_switch_ack",
"file": "src/amf/ngap-build.c"
}
},
{
"id": "CVE-2026-10157-75abc6f8",
"digest": {
"line_hashes": [
"106078159677012252382795412543652689676",
"218232140294763244688816652959812233471",
"74530304118927606635820046746545503639",
"105296386841639881607300022678654245776"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
"deprecated": false,
"target": {
"file": "src/mme/mme-context.h"
}
},
{
"id": "CVE-2026-10157-78cd9624",
"digest": {
"line_hashes": [
"286189035926795041275448468298286239757",
"119664780740929451533629277581656784885",
"75931967229464975764389348022101586163",
"174804453673415564846356138228460467612",
"137470382512978379759306609909705103529",
"97031581012958083773650412704982988739",
"136476716668632091447037800047898653185",
"122521086532304428160155534218601186993",
"198778859421399032941398679859090998977",
"157293855313139823354384250552585024846",
"45291290247463861708668500747272634823",
"118819503812999716765604742747564895438"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
"deprecated": false,
"target": {
"file": "src/amf/ngap-build.c"
}
},
{
"id": "CVE-2026-10157-7a8a791f",
"digest": {
"line_hashes": [
"115148397684290867174235399781711622429",
"157333238821392006172346499002881573287",
"265879081196974552152078112401949354432",
"194507328912535752314767484544208224903",
"71274193741648941411969204032723994425",
"60110323015501493923331494418803935323",
"173935539617433569032140778515873633367",
"303148798063614341293880820545280720723",
"114079113901369346683225393624138931616",
"96418411285471266988075979486294637772",
"162637452748412472945289966878286078112",
"180450212848969847882855684303636109122",
"337062015532353316501517334065191161329",
"242483697482787099379409575465507095352",
"338079130114252798838044913549066355822",
"75236316380000028387779013618111110323",
"39105645149252750492741214599218815462",
"105900165109449351103066896510785695058",
"322587145210506345124734507805227787301",
"337535145258256219034530980422893202785",
"80006989486690222175525239832212246001",
"217775697464979882470235190773012784232"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
"deprecated": false,
"target": {
"file": "src/mme/s1ap-handler.c"
}
},
{
"id": "CVE-2026-10157-a05f22cb",
"digest": {
"line_hashes": [
"271779815144111224462083288235980521965",
"262275724500036676113102478925752589119",
"220520180765789834975955105260397609158",
"159403222447157458463897843192405010869",
"140726104079145403076672233653383021481",
"279252106960445047772782110113854788692",
"203661302962570666117007728730950672441",
"102754109514700326511808668080916070382",
"259494399889674847724421367685698080170",
"29564203551528584977445815112888062803"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
"deprecated": false,
"target": {
"file": "src/mme/s1ap-build.c"
}
},
{
"id": "CVE-2026-10157-bd7a6d3f",
"digest": {
"function_hash": "333090560420762503150996983386899871657",
"length": 3317.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
"deprecated": false,
"target": {
"function": "s1ap_build_path_switch_ack",
"file": "src/mme/s1ap-build.c"
}
},
{
"id": "CVE-2026-10157-e9e768e9",
"digest": {
"function_hash": "93828982796154133995066764649628753712",
"length": 12632.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
"deprecated": false,
"target": {
"function": "s1ap_handle_path_switch_request",
"file": "src/mme/s1ap-handler.c"
}
},
{
"id": "CVE-2026-10157-f1de2bc6",
"digest": {
"function_hash": "161017474537907246578515062981084470287",
"length": 10638.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
"deprecated": false,
"target": {
"function": "ngap_handle_path_switch_request",
"file": "src/amf/ngap-handler.c"
}
}
]