CVE-2026-14618

Source
https://cve.org/CVERecord?id=CVE-2026-14618
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-14618.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-14618
Published
2026-07-04T06:00:09.970Z
Modified
2026-07-15T20:32:06.380615Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Open5GS AMF nnrf-handler.c amf_nnrf_handle_nf_discover denial of service
Details

A vulnerability was detected in Open5GS up to 2.7.7. Affected by this vulnerability is the function amfnnrfhandlenfdiscover of the file src/amf/nnrf-handler.c of the component AMF. The manipulation results in denial of service. The attack may be launched remotely. The exploit is now public and may be used. The patch is identified as fb5f67703de0213fb9c6e6ef3b48b6c1707e9503. It is best practice to apply a patch to resolve this issue.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/14xxx/CVE-2026-14618.json",
    "cwe_ids": [
        "CWE-404"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "2.7.3"
                },
                {
                    "last_affected": "2.7.3"
                },
                {
                    "introduced": "2.7.4"
                },
                {
                    "last_affected": "2.7.4"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/ferrancanellas/open5gs

Affected ranges

Type
GIT
Repo
https://github.com/ferrancanellas/open5gs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}
Type
GIT
Repo
https://github.com/open5gs/open5gs
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "2.7.0"
        },
        {
            "last_affected": "2.7.0"
        },
        {
            "introduced": "2.7.1"
        },
        {
            "last_affected": "2.7.1"
        },
        {
            "introduced": "2.7.2"
        },
        {
            "last_affected": "2.7.2"
        },
        {
            "introduced": "2.7.5"
        },
        {
            "last_affected": "2.7.5"
        },
        {
            "introduced": "2.7.6"
        },
        {
            "last_affected": "2.7.6"
        },
        {
            "introduced": "2.7.7"
        },
        {
            "last_affected": "2.7.7"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

2.*
2.7.0
2.7.1
2.7.2
2.7.5
2.7.6
2.7.7
v2.*
v2.7.0
v2.7.1
v2.7.2
v2.7.7

Database specific

vanir_signatures
[
    {
        "source": "https://github.com/ferrancanellas/open5gs/commit/fb5f67703de0213fb9c6e6ef3b48b6c1707e9503",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "35511486027136567140912872645359814233",
                "277787368761806272593061346502897317219",
                "220875080607785509674374129760578810450",
                "32513599093208623380068313232022504263",
                "318888042328657968951925711515882586614",
                "188867816864146622733536750260229891926",
                "228340014219486784761646283968947641223",
                "322187844324433449683830270923260846501",
                "9719669296082476449264085730364527544",
                "151523735742662310263602163065819991596",
                "126268763002383954517762244861563848558",
                "312310810970972713920994562981978612592",
                "105833243667702633266751197752826700868",
                "153928344020146367483346799346028947397",
                "223636038583202380014230133143858664746",
                "126721040058264043287876085985826487934",
                "128147253359087901126673395437176127878",
                "51909030929943861244280044178431587713",
                "70476095015625546984486070578040078654",
                "177534433220538632605653567225476256405",
                "282488836650575543161800974652707303398",
                "165313352705454850714865132544221416698",
                "75257696414839944806979342633967054362",
                "156484763211412816625013940397306949219",
                "30752856504658519647809440437449984368",
                "178726748302376544967661559221052219550"
            ]
        },
        "id": "CVE-2026-14618-0fb9b0ac",
        "signature_type": "Line",
        "target": {
            "file": "src/amf/nnrf-handler.c"
        }
    },
    {
        "source": "https://github.com/ferrancanellas/open5gs/commit/fb5f67703de0213fb9c6e6ef3b48b6c1707e9503",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "160433884742421136587568768308375675852",
            "length": 2966.0
        },
        "id": "CVE-2026-14618-11cb92da",
        "signature_type": "Function",
        "target": {
            "function": "amf_nnrf_handle_nf_discover",
            "file": "src/amf/nnrf-handler.c"
        }
    },
    {
        "source": "https://github.com/ferrancanellas/open5gs/commit/fb5f67703de0213fb9c6e6ef3b48b6c1707e9503",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "242888857231980047421843416279902073420",
            "length": 986.0
        },
        "id": "CVE-2026-14618-356d0d39",
        "signature_type": "Function",
        "target": {
            "function": "amf_nnrf_handle_failed_amf_discovery",
            "file": "src/amf/nnrf-handler.c"
        }
    }
]
vanir_signatures_modified
"2026-07-15T20:32:06Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-14618.json"