CVE-2026-10157

Source
https://cve.org/CVERecord?id=CVE-2026-10157
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10157.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-10157
Published
2026-05-31T00:30:10.718Z
Modified
2026-07-09T19:18:38.003300Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Open5GS NGAP PathSwitchRequest Message ngap-handler.c improper authentication
Details

A vulnerability was identified in Open5GS up to 2.7.6. This impacts an unknown function of the file src/amf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The identifier of the patch is a188e36b1741ffc2252133f59b1bda4f14d3cb5c. It is suggested to install a patch to address this issue.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "2.7.3"
                },
                {
                    "last_affected": "2.7.3"
                },
                {
                    "introduced": "2.7.4"
                },
                {
                    "last_affected": "2.7.4"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/10xxx/CVE-2026-10157.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-287"
    ]
}
References

Affected packages

Git / github.com/open5gs/open5gs

Affected ranges

Type
GIT
Repo
https://github.com/open5gs/open5gs
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "2.7.0"
        },
        {
            "last_affected": "2.7.0"
        },
        {
            "introduced": "2.7.1"
        },
        {
            "last_affected": "2.7.1"
        },
        {
            "introduced": "2.7.2"
        },
        {
            "last_affected": "2.7.2"
        },
        {
            "introduced": "2.7.5"
        },
        {
            "last_affected": "2.7.5"
        },
        {
            "introduced": "2.7.6"
        },
        {
            "last_affected": "2.7.6"
        }
    ]
}

Affected versions

2.*
2.7.0
2.7.1
2.7.2
2.7.5
2.7.6
v2.*
v2.7.0
v2.7.1
v2.7.2
v2.7.7

Database specific

vanir_signatures_modified
"2026-07-09T19:18:38Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10157.json"
vanir_signatures
[
    {
        "id": "CVE-2026-10157-072374e4",
        "digest": {
            "line_hashes": [
                "150929632031874655718009513920389086018",
                "285635071149193599404114335968772551311",
                "3594017320476315394174733802488837635",
                "53457945338115391341232866543119495789"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
        "deprecated": false,
        "target": {
            "file": "src/amf/context.h"
        }
    },
    {
        "id": "CVE-2026-10157-1da233d3",
        "digest": {
            "line_hashes": [
                "24737322982243616876889242969917164757",
                "54180955179008314870401268591472994322",
                "218275235828111296606094642867663350342",
                "27815801905710733471512820518010165605",
                "328562073431045921704065085870040890949",
                "179361997216220060391879783896961576810",
                "1230830778953317611583522639387529533",
                "303148798063614341293880820545280720723",
                "45770623573584605955575199961930106804",
                "340000184317965661512597398102725061063",
                "215068346342979723044613360588235929189",
                "311895432932596206126697257189720923636",
                "265227157028862115240507756606513675784",
                "163596729535424099095531907675832430825",
                "110814527376966594943609866317112493368",
                "282290698565140471280859226900921593569",
                "93935938512041780105051592202932431560",
                "190966576021060013200534487826888203102",
                "49293478092108574928000583255048120124",
                "180017938708823970779473952254322087378",
                "200105091125527225532604794552334641074",
                "164198326559565780497773205854609706890",
                "122828563251255602906613318701441469780",
                "96994373758194355686729107890516029526",
                "332874592974861466501368146606348830939",
                "165874383411278730501335553999084037322",
                "22596409650222641482842258360145792518",
                "190825708754393632040029558849196405159",
                "127869349451372553653756701903446609957",
                "19618792144580709253567321683174070501",
                "130991688982800049531532762727907844366",
                "31392423440239944931824967718484582500"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
        "deprecated": false,
        "target": {
            "file": "src/amf/ngap-handler.c"
        }
    },
    {
        "id": "CVE-2026-10157-35a96d90",
        "digest": {
            "function_hash": "23480692765342341723963253929478955313",
            "length": 4401.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
        "deprecated": false,
        "target": {
            "function": "ngap_build_path_switch_ack",
            "file": "src/amf/ngap-build.c"
        }
    },
    {
        "id": "CVE-2026-10157-75abc6f8",
        "digest": {
            "line_hashes": [
                "106078159677012252382795412543652689676",
                "218232140294763244688816652959812233471",
                "74530304118927606635820046746545503639",
                "105296386841639881607300022678654245776"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
        "deprecated": false,
        "target": {
            "file": "src/mme/mme-context.h"
        }
    },
    {
        "id": "CVE-2026-10157-78cd9624",
        "digest": {
            "line_hashes": [
                "286189035926795041275448468298286239757",
                "119664780740929451533629277581656784885",
                "75931967229464975764389348022101586163",
                "174804453673415564846356138228460467612",
                "137470382512978379759306609909705103529",
                "97031581012958083773650412704982988739",
                "136476716668632091447037800047898653185",
                "122521086532304428160155534218601186993",
                "198778859421399032941398679859090998977",
                "157293855313139823354384250552585024846",
                "45291290247463861708668500747272634823",
                "118819503812999716765604742747564895438"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
        "deprecated": false,
        "target": {
            "file": "src/amf/ngap-build.c"
        }
    },
    {
        "id": "CVE-2026-10157-7a8a791f",
        "digest": {
            "line_hashes": [
                "115148397684290867174235399781711622429",
                "157333238821392006172346499002881573287",
                "265879081196974552152078112401949354432",
                "194507328912535752314767484544208224903",
                "71274193741648941411969204032723994425",
                "60110323015501493923331494418803935323",
                "173935539617433569032140778515873633367",
                "303148798063614341293880820545280720723",
                "114079113901369346683225393624138931616",
                "96418411285471266988075979486294637772",
                "162637452748412472945289966878286078112",
                "180450212848969847882855684303636109122",
                "337062015532353316501517334065191161329",
                "242483697482787099379409575465507095352",
                "338079130114252798838044913549066355822",
                "75236316380000028387779013618111110323",
                "39105645149252750492741214599218815462",
                "105900165109449351103066896510785695058",
                "322587145210506345124734507805227787301",
                "337535145258256219034530980422893202785",
                "80006989486690222175525239832212246001",
                "217775697464979882470235190773012784232"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
        "deprecated": false,
        "target": {
            "file": "src/mme/s1ap-handler.c"
        }
    },
    {
        "id": "CVE-2026-10157-a05f22cb",
        "digest": {
            "line_hashes": [
                "271779815144111224462083288235980521965",
                "262275724500036676113102478925752589119",
                "220520180765789834975955105260397609158",
                "159403222447157458463897843192405010869",
                "140726104079145403076672233653383021481",
                "279252106960445047772782110113854788692",
                "203661302962570666117007728730950672441",
                "102754109514700326511808668080916070382",
                "259494399889674847724421367685698080170",
                "29564203551528584977445815112888062803"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
        "deprecated": false,
        "target": {
            "file": "src/mme/s1ap-build.c"
        }
    },
    {
        "id": "CVE-2026-10157-bd7a6d3f",
        "digest": {
            "function_hash": "333090560420762503150996983386899871657",
            "length": 3317.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
        "deprecated": false,
        "target": {
            "function": "s1ap_build_path_switch_ack",
            "file": "src/mme/s1ap-build.c"
        }
    },
    {
        "id": "CVE-2026-10157-e9e768e9",
        "digest": {
            "function_hash": "93828982796154133995066764649628753712",
            "length": 12632.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
        "deprecated": false,
        "target": {
            "function": "s1ap_handle_path_switch_request",
            "file": "src/mme/s1ap-handler.c"
        }
    },
    {
        "id": "CVE-2026-10157-f1de2bc6",
        "digest": {
            "function_hash": "161017474537907246578515062981084470287",
            "length": 10638.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/open5gs/open5gs/commit/a188e36b1741ffc2252133f59b1bda4f14d3cb5c",
        "deprecated": false,
        "target": {
            "function": "ngap_handle_path_switch_request",
            "file": "src/amf/ngap-handler.c"
        }
    }
]