CVE-2026-8187

Source
https://cve.org/CVERecord?id=CVE-2026-8187
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8187.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-8187
Published
2026-05-09T10:58:26.944Z
Modified
2026-07-15T01:49:10.041371571Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X CVSS Calculator
Summary
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption
Details

A flaw has been found in Open5GS up to 2.7.7. This impacts the function gtpv1urecvcb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. The project was informed of the problem early through an issue report but has not responded yet.

Database specific
{
    "cwe_ids": [
        "CWE-400",
        "CWE-404"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8187.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "2.7.3"
                },
                {
                    "last_affected": "2.7.3"
                },
                {
                    "introduced": "2.7.4"
                },
                {
                    "last_affected": "2.7.4"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/open5gs/open5gs

Affected ranges

Type
GIT
Repo
https://github.com/open5gs/open5gs
Events
Database specific
{
    "cpe": "cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.7.0"
        },
        {
            "last_affected": "2.7.0"
        },
        {
            "introduced": "2.7.1"
        },
        {
            "last_affected": "2.7.1"
        },
        {
            "introduced": "2.7.2"
        },
        {
            "last_affected": "2.7.2"
        },
        {
            "introduced": "2.7.5"
        },
        {
            "last_affected": "2.7.5"
        },
        {
            "introduced": "2.7.6"
        },
        {
            "last_affected": "2.7.6"
        },
        {
            "introduced": "2.7.7"
        },
        {
            "last_affected": "2.7.7"
        },
        {
            "introduced": "0"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

2.*
2.7.0
2.7.1
2.7.2
2.7.5
2.7.6
2.7.7
v2.*
v2.7.0
v2.7.1
v2.7.2
v2.7.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8187.json"