CVE-2026-4240
Open5GS CCA smf_s6b_sta_cb denial of service
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was determined in Open5GS up to 2.7.6. The affected element is the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b_aaa_cb/smf_s6b_sta_cb of the component CCA Handler. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.7.7 is sufficient to fix this issue. Patch name: 80eb484a6ab32968e755e628b70d1a9c64f012ec. Upgrading the affected component is recommended.
| CWE | CWE-404 |
| Vendor | n/a |
| Product | open5gs |
| Published | Mar 16, 2026 |
| Last Updated | Mar 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a open5gs
Be the first to know when new medium vulnerabilities affecting n/a open5gs are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / Open5GS
2.7.0 2.7.1 2.7.2 2.7.3 2.7.4 2.7.5 2.7.6
References
vuldb.com: https://vuldb.com/?id.351182 vuldb.com: https://vuldb.com/?ctiid.351182 vuldb.com: https://vuldb.com/?submit.771361 github.com: https://github.com/open5gs/open5gs/issues/4343 github.com: https://github.com/open5gs/open5gs/issues/4343#issue-4021871895 github.com: https://github.com/open5gs/open5gs/commit/80eb484a6ab32968e755e628b70d1a9c64f012ec github.com: https://github.com/open5gs/open5gs/releases/tag/v2.7.7 github.com: https://github.com/open5gs/open5gs/
Credits
๐ ZiyuLin (VulDB User)