A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogssbistreamfindby_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
{
"cna_assigner": "VulDB",
"cwe_ids": [
"CWE-404"
],
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "2.7.3"
},
{
"last_affected": "2.7.3"
},
{
"introduced": "2.7.4"
},
{
"last_affected": "2.7.4"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8119.json"
}{
"source": [
"AFFECTED_FIELD",
"CPE_RANGE"
],
"cpe": "cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "2.7.0"
},
{
"last_affected": "2.7.0"
},
{
"introduced": "2.7.1"
},
{
"last_affected": "2.7.1"
},
{
"introduced": "2.7.2"
},
{
"last_affected": "2.7.2"
},
{
"introduced": "2.7.5"
},
{
"last_affected": "2.7.5"
},
{
"introduced": "2.7.6"
},
{
"last_affected": "2.7.6"
},
{
"introduced": "2.7.7"
},
{
"last_affected": "2.7.7"
},
{
"introduced": "0"
}
]
}