CVE-2026-8743
Open5GS AMF/MME context.c ran_ue_find_by_amf_ue_ngap_id improper authorization
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
13th
A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 5746b8576cfceec18ed87eb7d8cf11b1fb4cd8b1. It is suggested to install a patch to address this issue.
| CWE | CWE-285 CWE-266 |
| Vendor | n/a |
| Product | open5gs |
| Published | May 17, 2026 |
| Last Updated | May 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a open5gs
Be the first to know when new medium vulnerabilities affecting n/a open5gs are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / Open5GS
2.7.0 2.7.1 2.7.2 2.7.3 2.7.4 2.7.5 2.7.6
References
vuldb.com: https://vuldb.com/vuln/364330 vuldb.com: https://vuldb.com/vuln/364330/cti vuldb.com: https://vuldb.com/submit/814559 github.com: https://github.com/open5gs/open5gs/issues/4498 github.com: https://github.com/open5gs/open5gs/pull/4553 github.com: https://github.com/open5gs/open5gs/commit/5746b8576cfceec18ed87eb7d8cf11b1fb4cd8b1 github.com: https://github.com/open5gs/open5gs/
Credits
Seungjoon Na (ICSR_KMU) Jinha Kim (ICSR_KMU) ๐ Seungjoon Na (VulDB User) Seungjoon Na (VulDB User)