CVE-2026-2523

Source
https://cve.org/CVERecord?id=CVE-2026-2523
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2523.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-2523
Published
2026-02-16T00:02:07.539Z
Modified
2026-07-08T08:12:25.759722472Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Open5GS SMF gn-handler.c smf_gn_handle_create_pdp_context_request assertion
Details

A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smfgnhandlecreatepdpcontextrequest of the file /src/smf/gn-handler.c of the component SMF. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Database specific
{
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-617"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "2.7.3"
                },
                {
                    "last_affected": "2.7.3"
                },
                {
                    "introduced": "2.7.4"
                },
                {
                    "last_affected": "2.7.4"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/2xxx/CVE-2026-2523.json"
}
References

Affected packages

Git / github.com/open5gs/open5gs

Affected ranges

Type
GIT
Repo
https://github.com/open5gs/open5gs
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "2.7.0"
        },
        {
            "last_affected": "2.7.0"
        },
        {
            "introduced": "2.7.1"
        },
        {
            "last_affected": "2.7.1"
        },
        {
            "introduced": "2.7.2"
        },
        {
            "last_affected": "2.7.2"
        },
        {
            "introduced": "2.7.5"
        },
        {
            "last_affected": "2.7.5"
        },
        {
            "introduced": "2.7.6"
        },
        {
            "last_affected": "2.7.6"
        },
        {
            "introduced": "0"
        }
    ],
    "cpe": "cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

2.*
2.7.0
2.7.1
2.7.2
2.7.5
2.7.6
v2.*
v2.7.0
v2.7.1
v2.7.2
v2.7.5
v2.7.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2523.json"