Home

Description

A security flaw has been discovered in Open5GS 2.7.7. This affects the function amf_context_final of the file src/amf/context.c of the component AMF. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks.

PUBLISHED Reserved 2026-07-09 | Published 2026-07-09 | Updated 2026-07-09 | Assigner VulDB




MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
LOW: 3.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
1.7AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR

Problem types

Use After Free

Memory Corruption

Timeline

2026-07-09:Advisory disclosed
2026-07-09:VulDB entry created
2026-07-09:VulDB entry last update

Credits

Buggweb (VulDB User) reporter

References

vuldb.com/vuln/377122 (VDB-377122 | Open5GS AMF context.c amf_context_final use after free) vdb-entry technical-description

vuldb.com/vuln/377122/cti (VDB-377122 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/cve/CVE-2026-15194 (CVE-2026-15194 | CVE Analysis and Report) third-party-advisory

vuldb.com/submit/851630 (Submit #851630 | Open5GS Project Open5GS 2.7.7 Use After Free) third-party-advisory

github.com/...pen5gs/security/advisories/GHSA-88pq-hpwv-2vjw exploit

github.com/open5gs/open5gs/ product

cve.org (CVE-2026-15194)

nvd.nist.gov (CVE-2026-15194)

Download JSON