CVE-2026-2062 – This CVE describes a null pointer dereference v... (How to Fix)

📋 TL;DR

This CVE describes a null pointer dereference vulnerability in Open5GS PGW S5U Address Handler that can cause denial of service. Attackers can remotely trigger this vulnerability to crash affected Open5GS instances. Organizations running Open5GS versions up to 2.7.6 are affected.

💻 Affected Systems

Products:

Open5GS

Versions: Up to and including version 2.7.6

Operating Systems: Linux, Unix-like systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the PGW (Packet Gateway) component's S5U address handler functions. Any Open5GS deployment with PGW functionality enabled is vulnerable.

📦 What is this software?

Open5gs by Open5gs

View all CVEs affecting Open5gs →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of the affected Open5GS instance, causing loss of 5G core network functionality for connected devices.

🟠

Likely Case

Service crash requiring manual restart of the Open5GS component, leading to temporary service interruption.

🟢

If Mitigated

No impact if patched or if workarounds prevent exploitation attempts.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication, making internet-facing instances particularly vulnerable.

🏢 Internal Only: MEDIUM - Internal instances are still vulnerable but have reduced attack surface compared to internet-facing deployments.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The exploit is publicly available and relatively simple to execute, making this vulnerability attractive to attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit f1bbd7b57f831e2a070780a7d8d5d4c73babdb59

Vendor Advisory: https://github.com/open5gs/open5gs/issues/4257

Restart Required: Yes

Instructions:

1. Update Open5GS to latest version or apply commit f1bbd7b57f831e2a070780a7d8d5d4c73babdb59
2. Restart Open5GS services
3. Verify the patch is applied by checking the version

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict network access to Open5GS PGW components to trusted sources only

iptables -A INPUT -p tcp --dport [PGW_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p tcp --dport [PGW_PORT] -j DROP

🧯 If You Can't Patch

Implement strict network access controls to limit exposure to the vulnerable PGW component
Deploy monitoring and alerting for service crashes to enable rapid response to exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Open5GS version: open5gs --version | grep '2.7.6' or earlier

Check Version:

open5gs --version

Verify Fix Applied:

Verify commit f1bbd7b57f831e2a070780a7d8d5d4c73babdb59 is present: git log --oneline | grep f1bbd7b57f831e2a070780a7d8d5d4c73babdb59

📡 Detection & Monitoring

Log Indicators:

Segmentation fault errors in Open5GS logs
Unexpected PGW service termination
Null pointer dereference error messages

Network Indicators:

Unusual traffic patterns to PGW S5U interface
Multiple connection attempts followed by service unavailability

SIEM Query:

source="open5gs.log" AND ("segmentation fault" OR "null pointer" OR "SIGSEGV")

📊 Metadata

CVE ID: CVE-2026-2062

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE: CWE-404

EPSS Score: 0.09% exploit probability (25.6th percentile)

Published: February 6, 2026

Last Updated: February 11, 2026

🔗 References

https://github.com/open5gs/open5gs/ Product
https://github.com/open5gs/open5gs/commit/f1bbd7b57f831e2a070780a7d8d5d4c73babdb59 Patch
https://github.com/open5gs/open5gs/issues/4257 Exploit,Issue Tracking,Vendor Advisory
https://github.com/open5gs/open5gs/issues/4257#issue-3787701521 Exploit,Issue Tracking,Vendor Advisory
https://vuldb.com/?ctiid.344622 Permissions Required,VDB Entry
https://vuldb.com/?id.344622 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.744719 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-2062, you might also want to check these: