CVE-2026-1738

low-risk

Published 2026-02-02

A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwc_tunnel_add of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. The attack can be executed remotely. The exploit has been published and may be used. It is advisable to implement a patch to correct this issue. The issue report is flagged as already-fixed.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Open5Gs

Affected Vendors

Open5Gs

References (7)

Product https://github.com/open5gs/open5gs/

Exploit https://github.com/open5gs/open5gs/issues/4261

Issue Tracking https://github.com/open5gs/open5gs/issues/4261#event-21968563677

Exploit https://github.com/open5gs/open5gs/issues/4261#issue-3787803578

Permissions Required https://vuldb.com/?ctiid.343637

Third Party Advisory https://vuldb.com/?id.343637

Third Party Advisory https://vuldb.com/?submit.741193

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal