CVE-2026-10156 PUBLISHED

Open5GS nf-instances Endpoint nnrf-handler.c handle_amf_info resource consumption

Assigner: VulDB
Reserved: 30.05.2026 Published: 30.05.2026 Updated: 30.05.2026

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handle_amf_info in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nf_info_pool can lead to resource consumption. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. Applying a patch is advised to resolve this issue. The issue report is flagged as already-fixed.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
CVSS Score: 5.3

Product Status

Vendor n/a
Product Open5GS
Versions
  • Version 2.7.0 is affected
  • Version 2.7.1 is affected
  • Version 2.7.2 is affected
  • Version 2.7.3 is affected
  • Version 2.7.4 is affected
  • Version 2.7.5 is affected
  • Version 2.7.6 is affected
  • Version 2.7.7 is affected

Credits

  • FrankyLin (VulDB User) reporter
  • VulDB CNA Team coordinator

References

Problem Types

  • Resource Consumption CWE
  • Denial of Service CWE