CVE-2026-1737
📋 TL;DR
This vulnerability in Open5GS allows remote attackers to trigger a reachable assertion in the CreateBearerRequest handler, potentially causing denial of service. Systems running Open5GS versions up to 2.7.6 with the SGWC component exposed are affected. The vulnerability is publicly exploitable and has been patched.
💻 Affected Systems
- Open5GS
⚠️ Risk & Real-World Impact
Worst Case
Remote attacker causes service disruption or crash of the SGWC component, affecting 5G core network functionality for connected devices.
Likely Case
Denial of service affecting the SGWC's CreateBearerRequest handling, disrupting bearer establishment for new sessions.
If Mitigated
Minimal impact if network segmentation prevents external access to SGWC interfaces.
🎯 Exploit Status
Public exploit available, remote exploitation possible without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.7.7 or later
Vendor Advisory: https://github.com/open5gs/open5gs/issues/4271
Restart Required: Yes
Instructions:
1. Update Open5GS to version 2.7.7 or later.
2. Restart all Open5GS services.
3. Verify the patch is applied by checking version and monitoring logs.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to the SGWC S5-C interface (GTPv2-C, UDP port 2123) to trusted networks only. Replace trusted_network with the address range of your peer gateways.
iptables -A INPUT -p udp --dport 2123 -s trusted_network -j ACCEPT
iptables -A INPUT -p udp --dport 2123 -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit SGWC exposure
- Deploy intrusion detection systems to monitor for exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check the Open5GS version: open5gs-sgwcd -v. If the version is 2.7.6 or earlier, the system is vulnerable.
Check Version:
open5gs-sgwcd -v
Verify Fix Applied:
Verify version is 2.7.7 or later and monitor logs for assertion failures.
📡 Detection & Monitoring
Log Indicators:
- Assertion failures in sgwc logs
- Unexpected CreateBearerRequest handling errors
Network Indicators:
- Unusual traffic patterns to SGWC S5-C interface (port 2123)
SIEM Query:
source="sgwc.log" AND ("assertion" OR ("CreateBearerRequest" AND "error"))
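The log indicators above can also be checked offline against a saved SGWC log, using the grouping assertion OR (CreateBearerRequest AND error). This script is an added example, not part of the original advisory or of Open5GS; the function names are hypothetical and the sample log lines are constructed, so adjust the patterns to the text your deployment actually logs.

```shell
#!/bin/sh
# Assumption: plain-text log, one event per line; sample lines are constructed.

# Print lines matching: assertion OR (CreateBearerRequest AND error), any case.
match_indicators() {
    awk '
        { l = tolower($0) }
        l ~ /assertion/                          { print; next }
        l ~ /createbearerrequest/ && l ~ /error/ { print }
    ' "$1"
}

# Number of matching lines in the file.
count_indicators() { match_indicators "$1" | wc -l | tr -d ' '; }

# Number of assertion lines only (the crash indicator for the SGWC process).
count_assertions() {
    awk 'tolower($0) ~ /assertion/ { n++ } END { print n + 0 }' "$1"
}

# Write a constructed sample log to the given path.
write_sample_log() {
    cat > "$1" <<'EOF'
01/30 10:15:02.113: [sgwc] INFO: session established (constructed sample)
01/30 10:15:07.554: [sgwc] ERROR: CreateBearerRequest handling error (constructed sample)
01/30 10:15:07.555: [sgwc] FATAL: Assertion failed (constructed sample, placeholder text)
01/30 10:15:09.001: [sgwc] INFO: CreateBearerRequest received (constructed sample)
EOF
}

# Scan a log: print a summary and the hits; return 1 if any were found.
scan_sgwc_log() {
    hits=$(count_indicators "$1")
    echo "indicator lines: $hits (assertions: $(count_assertions "$1"))"
    match_indicators "$1"
    [ "$hits" -eq 0 ]
}

# With a path argument, scan that file; otherwise demonstrate on the sample.
if [ -n "${1:-}" ]; then
    scan_sgwc_log "$1"
else
    sample=$(mktemp) && write_sample_log "$sample"
    scan_sgwc_log "$sample" || true
    rm -f "$sample"
fi
```

The non-zero return from scan_sgwc_log when indicators are present lets a cron job or monitoring check alert on it directly.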
🔗 References
- https://github.com/open5gs/open5gs/
- https://github.com/open5gs/open5gs/issues/4271
- https://github.com/open5gs/open5gs/issues/4271#event-21968630023
- https://github.com/open5gs/open5gs/issues/4271#issue-3795147720
- https://vuldb.com/?ctiid.343636
- https://vuldb.com/?id.343636
- https://vuldb.com/?submit.741192