CVE-2026-1522

low-risk

Published 2026-01-28

A weakness has been identified in Open5GS up to 2.7.6. This vulnerability affects the function sgwc_s5c_handle_modify_bearer_response of the file src/sgwc/s5c-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. This patch is called b19cf6a. Applying a patch is advised to resolve this issue. The issue report is flagged as already-fixed.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Open5Gs

Affected Vendors

Open5Gs

References (8)

https://github.com/open5gs/open5gs/

Patch https://github.com/open5gs/open5gs/commit/b19cf6a

Exploit https://github.com/open5gs/open5gs/issues/4266

Exploit https://github.com/open5gs/open5gs/issues/4266#event-21968568116

Exploit https://github.com/open5gs/open5gs/issues/4266#issue-3794991595

Permissions Required https://vuldb.com/?ctiid.343193

Third Party Advisory https://vuldb.com/?id.343193

Exploit https://vuldb.com/?submit.738371

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal