CVE-2026-8268: DoS in Open5GS 2.7.0–2.7.7
Plattform
linux
Komponente
open5gs
CVE-2026-8268 represents a denial-of-service (DoS) vulnerability discovered in Open5GS versions 2.7.0 through 2.7.7. This flaw resides within the OpenAPIlistcreate function of the SMF component, allowing a remote attacker to disrupt service availability. While the project has been notified, a fix is currently unavailable, necessitating immediate mitigation strategies.
Auswirkungen und Angriffsszenarien
Successful exploitation of CVE-2026-8268 allows an attacker to induce a denial of service within the Open5GS environment. This means legitimate users and applications relying on the Open5GS service will be unable to connect or function correctly. The remote nature of the attack means an attacker does not need to be on the same network as the Open5GS server, significantly broadening the potential attack surface. The impact can range from temporary service outages to complete system unavailability, potentially affecting critical network functions depending on Open5GS’s role in the infrastructure. Given the public disclosure, the risk of exploitation is elevated.
Ausnutzungskontext
CVE-2026-8268 is publicly disclosed, increasing the likelihood of exploitation. The EPSS score is pending evaluation, but the public nature of the vulnerability suggests a medium to high probability of exploitation. No specific threat actor campaigns have been publicly linked to this vulnerability at the time of writing, but the availability of the vulnerability details makes it a potential target for opportunistic attackers. The vulnerability was published on 2026-05-11.
Bedrohungsanalyse
Exploit-Status
EPSS
0.04% (12% Perzentil)
CISA SSVC
CVSS-Vektor
Was bedeuten diese Metriken?
- Attack Vector
- Netzwerk — aus der Ferne über das Internet ausnutzbar. Kein physischer oder lokaler Zugriff erforderlich.
- Attack Complexity
- Niedrig — keine besonderen Bedingungen erforderlich. Zuverlässig ausnutzbar.
- Privileges Required
- Niedrig — jedes gültige Benutzerkonto ist ausreichend.
- User Interaction
- Keine — automatischer und lautloser Angriff. Das Opfer tut nichts.
- Scope
- Unverändert — Auswirkung auf das anfällige Komponente beschränkt.
- Confidentiality
- Keine — kein Vertraulichkeitseinfluss.
- Integrity
- Keine — kein Integritätseinfluss.
- Availability
- Niedrig — partieller oder intermittierender Denial of Service.
Betroffene Software
Schwachstellen-Klassifikation (CWE)
Zeitleiste
- Reserviert
- Veröffentlicht
- EPSS aktualisiert
Mitigation und Workarounds
Due to the lack of a patch from the Open5GS project, immediate mitigation is crucial. Implement rate limiting on incoming requests to the SMF component to prevent resource exhaustion. Consider deploying a Web Application Firewall (WAF) or proxy server to filter malicious traffic and block requests exhibiting suspicious patterns. Carefully review and restrict network access to the Open5GS server, limiting exposure to only necessary ports and IP addresses. Monitor system logs for unusual activity or error messages related to the SMF component. After implementing these mitigations, verify service availability and responsiveness under simulated load to ensure effectiveness.
So behebenwird übersetzt…
Se recomienda actualizar Open5GS a una versión posterior a la 2.7.7 para mitigar la vulnerabilidad de denegación de servicio. Verificar la documentación oficial de Open5GS para obtener instrucciones de actualización específicas. Dado que el proyecto no ha respondido, se recomienda monitorear activamente las actualizaciones de seguridad.
Häufig gestellte Fragen
What is CVE-2026-8268 — DoS in Open5GS 2.7.0–2.7.7?
CVE-2026-8268 is a denial-of-service vulnerability affecting Open5GS versions 2.7.0 through 2.7.7. It allows a remote attacker to disrupt service availability by exploiting the OpenAPIlistcreate function in the SMF component.
Am I affected by CVE-2026-8268 in Open5GS 2.7.0–2.7.7?
If you are running Open5GS versions 2.7.0 through 2.7.7, you are potentially affected by this vulnerability. Immediate mitigation steps are necessary until a patch is released.
How do I fix CVE-2026-8268 in Open5GS 2.7.0–2.7.7?
A patch is not currently available. Mitigate by implementing rate limiting, WAF rules, network access restrictions, and monitoring system logs. Regularly check for updates from the Open5GS project.
Is CVE-2026-8268 being actively exploited?
The vulnerability is publicly disclosed, increasing the risk of exploitation. While no active campaigns have been confirmed, the potential for exploitation is high.
Where can I find the official Open5GS advisory for CVE-2026-8268?
Refer to the Open5GS project's official website and security advisories for updates and information regarding CVE-2026-8268. Check their GitHub repository for any announcements.
Ist dein Projekt betroffen?
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Jetzt testen — kein Konto
Laden Sie ein Manifest hoch (composer.lock, package-lock.json, WordPress Plugin-Liste…) oder fügen Sie Ihre Komponentenliste ein. Sie erhalten sofort einen Schwachstellenbericht. Das Hochladen einer Datei ist nur der Anfang: Mit einem Konto erhalten Sie kontinuierliche Überwachung, Slack/email-Benachrichtigungen, Multi-Projekt- und White-Label-Berichte.
Abhängigkeitsdatei hier ablegen
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...