Home

Description

A vulnerability was found in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The patch is named b19cf6a2dbf5d30811be4488bf059c865bd7d1d2. To fix this issue, it is recommended to deploy a patch.

PUBLISHED Reserved 2026-01-16 | Published 2026-01-16 | Updated 2026-02-23 | Assigner VulDB




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
MEDIUM: 5.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
5.0AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Problem types

Denial of Service

Timeline

2026-01-16:Advisory disclosed
2026-01-16:VulDB entry created
2026-02-09:VulDB entry last update

Credits

ZiyuLin (VulDB User) reporter

References

vuldb.com/?id.341596 (VDB-341596 | Open5GS s5c-handler.c sgwc_s5c_handle_create_session_response denial of service) vdb-entry technical-description

vuldb.com/?ctiid.341596 (VDB-341596 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.728130 (Submit #728130 | Open5GS SGWC v2.7.6 Denial of Service) third-party-advisory

vuldb.com/?submit.738372 (Submit #738372 | Open5GS SGWC v2.7.6 Denial of Service (Duplicate)) third-party-advisory

github.com/open5gs/open5gs/issues/4226 issue-tracking

github.com/open5gs/open5gs/issues/4226 exploit issue-tracking

github.com/...ommit/b19cf6a2dbf5d30811be4488bf059c865bd7d1d2 patch

github.com/open5gs/open5gs/ product

cve.org (CVE-2025-15529)

nvd.nist.gov (CVE-2025-15529)

Download JSON