CVE-2026-1521 – A remote denial-of-service vulnerability exists... (How to Fix)

Q: What is the severity of CVE-2026-1521?

CVE-2026-1521 has a CVSS score of 5.3 (MEDIUM). A remote denial-of-service vulnerability exists in Open5GS SGWC component where manipulation of the sgwc_s5c_handle_bearer_resource_failure_indication function can crash the service. This affects all Open5GS deployments up to version 2.7.6 that have SGWC enabled. Attackers can exploit this remotely without authentication to disrupt 5G core network services.

📋 TL;DR

A remote denial-of-service vulnerability exists in Open5GS SGWC component where manipulation of the sgwc_s5c_handle_bearer_resource_failure_indication function can crash the service. This affects all Open5GS deployments up to version 2.7.6 that have SGWC enabled. Attackers can exploit this remotely without authentication to disrupt 5G core network services.

💻 Affected Systems

Products:

Open5GS

Versions: All versions up to and including 2.7.6

Operating Systems: Linux, Unix-based systems

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects deployments with SGWC (Serving Gateway Control) component enabled, which is part of standard Open5GS 5G core deployments.

📦 What is this software?

Open5gs by Open5gs

View all CVEs affecting Open5gs →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete SGWC service disruption causing 5G session management failures, affecting all connected user equipment in the network.

🟠

Likely Case

Targeted SGWC service crashes requiring manual restart, causing temporary service outages for affected network slices.

🟢

If Mitigated

Service remains available with proper network segmentation and monitoring detecting exploitation attempts.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication, and public exploit code exists.

🏢 Internal Only: MEDIUM - While still exploitable from internal networks, proper segmentation reduces attack surface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit code has been publicly released and requires minimal technical skill to execute. The vulnerability is in a network-facing component.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 69b53add90a9479d7960b822fc60601d659c328b and later versions

Vendor Advisory: https://github.com/open5gs/open5gs/issues/4268

Restart Required: Yes

Instructions:

1. Update Open5GS to latest version or apply commit 69b53add90a9479d7960b822fc60601d659c328b. 2. Rebuild from source if using source installation. 3. Restart SGWC service and all dependent services.

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict access to SGWC service ports (typically 2123 for S5-C interface) to trusted network segments only.

iptables -A INPUT -p tcp --dport 2123 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 2123 -j DROP

🧯 If You Can't Patch

Implement strict network access controls to limit SGWC S5-C interface exposure
Deploy intrusion detection systems monitoring for abnormal SGWC traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check Open5GS version: open5gs --version. If version is 2.7.6 or earlier, check if SGWC is running: systemctl status open5gs-sgwc

Check Version:

open5gs --version

Verify Fix Applied:

Verify commit hash includes 69b53add90a9479d7960b822fc60601d659c328b: git log --oneline | grep 69b53add

📡 Detection & Monitoring

Log Indicators:

SGWC service crashes or restarts
Error logs mentioning sgwc_s5c_handle_bearer_resource_failure_indication
Abnormal termination of sgwc process

Network Indicators:

Unusual traffic patterns to SGWC S5-C port (2123)
Multiple connection attempts from single source to SGWC

SIEM Query:

source="open5gs.log" AND ("sgwc crash" OR "segmentation fault" OR "bearer_resource_failure")

📊 Metadata

CVE ID: CVE-2026-1521

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE: CWE-404

Published: January 28, 2026

Last Updated: February 23, 2026

🔗 References

https://github.com/open5gs/open5gs/
https://github.com/open5gs/open5gs/commit/69b53add90a9479d7960b822fc60601d659c328b Patch
https://github.com/open5gs/open5gs/issues/4268 Exploit,Issue Tracking,Vendor Advisory
https://github.com/open5gs/open5gs/issues/4268#event-21989483261 Exploit,Issue Tracking,Vendor Advisory
https://github.com/open5gs/open5gs/issues/4268#issue-3795012861 Exploit,Issue Tracking,Vendor Advisory
https://vuldb.com/?ctiid.343192 Permissions Required,VDB Entry
https://vuldb.com/?id.343192 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.738370 Exploit,Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-1521, you might also want to check these: