CVE-2026-1586 – A denial-of-service vulnerability exists in Ope... (How to Fix)

Q: What is the severity of CVE-2026-1586?

CVE-2026-1586 has a CVSS score of 5.3 (MEDIUM). A denial-of-service vulnerability exists in Open5GS SGWC component where remote attackers can manipulate the ogs_gtp2_f_teid_to_ip function to crash the service. This affects Open5GS deployments up to version 2.7.5 that have SGWC exposed to untrusted networks.

📋 TL;DR

A denial-of-service vulnerability exists in Open5GS SGWC component where remote attackers can manipulate the ogs_gtp2_f_teid_to_ip function to crash the service. This affects Open5GS deployments up to version 2.7.5 that have SGWC exposed to untrusted networks.

💻 Affected Systems

Products:

Open5GS

Versions: Up to and including 2.7.5

Operating Systems: Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects deployments with SGWC component enabled and exposed to untrusted networks.

📦 What is this software?

Open5gs by Open5gs

View all CVEs affecting Open5gs →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attackers cause complete SGWC service disruption, affecting all 5G core network functions dependent on SGWC connectivity.

🟠

Likely Case

Service crashes requiring manual restart, causing temporary 5G core network service interruption.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring that detects and blocks exploitation attempts.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details published in GitHub issues, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.6 and later

Vendor Advisory: https://github.com/open5gs/open5gs/issues/4273

Restart Required: Yes

Instructions:

1. Update Open5GS to version 2.7.6 or later. 2. Restart all Open5GS services. 3. Verify SGWC component is running correctly.

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict network access to SGWC component to trusted internal networks only

iptables -A INPUT -p tcp --dport [SGWC_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p tcp --dport [SGWC_PORT] -j DROP

🧯 If You Can't Patch

Implement strict network access controls to limit SGWC exposure to only trusted internal networks.
Deploy network monitoring and intrusion detection systems to detect and block exploitation attempts targeting SGWC.

🔍 How to Verify

Check if Vulnerable:

Check Open5GS version: open5gs --version. If version is 2.7.5 or earlier, system is vulnerable.

Check Version:

open5gs --version

Verify Fix Applied:

Verify Open5GS version is 2.7.6 or later and SGWC service is running without crashes after applying patch.

📡 Detection & Monitoring

Log Indicators:

SGWC service crashes or restarts
Error logs mentioning ogs_gtp2_f_teid_to_ip function failures
Unexpected process termination in SGWC logs

Network Indicators:

Unusual traffic patterns to SGWC port
Malformed GTP packets targeting SGWC

SIEM Query:

source="open5gs.logs" AND ("crash" OR "segfault" OR "ogs_gtp2_f_teid_to_ip")

📊 Metadata

CVE ID: CVE-2026-1586

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE: CWE-404

EPSS Score: 0.07% exploit probability (20.7th percentile)

Published: January 29, 2026

Last Updated: February 23, 2026

🔗 References

https://github.com/open5gs/open5gs/
https://github.com/open5gs/open5gs/issues/4273 Exploit,Issue Tracking,Vendor Advisory
https://github.com/open5gs/open5gs/issues/4273#event-21968643659 Exploit,Issue Tracking,Vendor Advisory
https://github.com/open5gs/open5gs/issues/4273#issue-3796030721 Exploit,Issue Tracking,Vendor Advisory
https://vuldb.com/?ctiid.343349 Permissions Required,VDB Entry
https://vuldb.com/?id.343349 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.738375 Exploit,Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-1586, you might also want to check these: