CVE-2026-10565
Open5GS NGAP Handover gmm-sm.c gmm_state_security_mode race condition
CVSS Score
3.1
EPSS Score
0.0%
EPSS Percentile
0th
A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.
| CWE | CWE-362 |
| Vendor | n/a |
| Product | open5gs |
| Published | Jun 2, 2026 |
| Last Updated | Jun 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a open5gs
Be the first to know when new low vulnerabilities affecting n/a open5gs are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / Open5GS
2.7.0 2.7.1 2.7.2 2.7.3 2.7.4 2.7.5 2.7.6
References
vuldb.com: https://vuldb.com/vuln/367672 vuldb.com: https://vuldb.com/vuln/367672/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10565 vuldb.com: https://vuldb.com/submit/818938 github.com: https://github.com/open5gs/open5gs/issues/4497 github.com: https://github.com/open5gs/open5gs/pull/4501 github.com: https://github.com/user-attachments/files/27111025/N2-SMC-Concurrent.zip github.com: https://github.com/open5gs/open5gs/
Credits
Seungjoon Na (Kookmin University ICSR Lab) Jinha Kim (Kookmin University ICSR Lab) ๐ Seungjoon Na (VulDB User) Seungjoon Na (VulDB User) VulDB CNA Team