CVE-2026-8223

Source
https://cve.org/CVERecord?id=CVE-2026-8223
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8223.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-8223
Published
2026-05-10T02:45:08.468Z
Modified
2026-07-15T01:49:05.200443077Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send denial of service
Details

A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcfsesssbidiscoverand_send of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8223.json",
    "cwe_ids": [
        "CWE-404"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "2.7.3"
                },
                {
                    "last_affected": "2.7.3"
                },
                {
                    "introduced": "2.7.4"
                },
                {
                    "last_affected": "2.7.4"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/open5gs/open5gs

Affected ranges

Type
GIT
Repo
https://github.com/open5gs/open5gs
Events
Database specific
{
    "cpe": "cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "extracted_events": [
        {
            "introduced": "2.7.0"
        },
        {
            "last_affected": "2.7.0"
        },
        {
            "introduced": "2.7.1"
        },
        {
            "last_affected": "2.7.1"
        },
        {
            "introduced": "2.7.2"
        },
        {
            "last_affected": "2.7.2"
        },
        {
            "introduced": "2.7.5"
        },
        {
            "last_affected": "2.7.5"
        },
        {
            "introduced": "2.7.6"
        },
        {
            "last_affected": "2.7.6"
        },
        {
            "introduced": "2.7.7"
        },
        {
            "last_affected": "2.7.7"
        },
        {
            "introduced": "0"
        }
    ]
}

Affected versions

2.*
2.7.0
2.7.1
2.7.2
2.7.5
2.7.6
2.7.7
v2.*
v2.7.0
v2.7.1
v2.7.2
v2.7.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8223.json"