CVE-2026-2522

5.3 MEDIUM

📋 TL;DR

A memory corruption vulnerability in the Open5GS MME component allows remote attackers to potentially crash the service or execute arbitrary code. It affects Open5GS deployments up to version 2.7.6. The vulnerability is in the esm-build.c file and can be exploited without authentication.

💻 Affected Systems

Products:
  • Open5GS
Versions: Up to and including 2.7.6
Operating Systems: Linux, Unix-based systems
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using the MME component with affected versions are vulnerable. The vulnerability is in core functionality.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, service disruption, and potential lateral movement within the network.

🟠

Likely Case

Service disruption through denial of service (MME crash) and potential information disclosure from memory corruption.

🟢

If Mitigated

Limited impact with proper network segmentation and exploit prevention controls, potentially just service restart.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication, making internet-facing deployments particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal deployments are still vulnerable to attacks from within the network perimeter.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploit details have been publicly disclosed in GitHub issues. The vulnerability is remotely exploitable without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://github.com/open5gs/open5gs/issues/4283

Restart Required: Yes

Instructions:

1. Monitor the Open5GS GitHub repository for official patches.
2. Apply patches when available.
3. Restart Open5GS services after patching.

🔧 Temporary Workarounds

Network Segmentation

Restrict network access to the Open5GS MME component to trusted sources only

# The MME's S1AP listener uses SCTP, so a tcp match would not filter it
iptables -A INPUT -p sctp --dport [MME_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p sctp --dport [MME_PORT] -j DROP

Service Monitoring and Restart

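Implement monitoring to detect and automatically restart crashed MME services

# The systemd unit is named after the daemon binary (open5gs-mmed);
# restart after a crash depends on the unit's Restart= setting
systemctl enable open5gs-mmed
systemctl start open5gs-mmed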

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure to trusted sources only
  • Deploy intrusion detection/prevention systems to monitor for exploit attempts

🔍 How to Verify

Check if Vulnerable:

Check Open5GS version: open5gs-mmed --version or review installed package version

Check Version:

open5gs-mmed --version || dpkg -l | grep open5gs || rpm -qa | grep open5gs

Verify Fix Applied:

Verify version is above 2.7.6 after official patch is released
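
An added example, not from the advisory or the Open5GS project: a shell check that applies the affected range stated above (up to and including 2.7.6) to a version string taken from the binary or the package manager. The function names and sample strings are constructed for illustration; it assumes `grep -o` and `sort -V` are available (GNU or BSD userland).

```shell
#!/bin/sh
# Last affected release, as stated in this advisory.
LAST_AFFECTED="2.7.6"

# normalize_version STRING
# Extract the first dotted version from strings such as "v2.7.6",
# "2.7.6~jammy" or "1:2.7.6-1" (package epochs and suffixes are ignored).
normalize_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# is_affected STRING
# Exit 0 if the version is <= LAST_AFFECTED, 1 if it is newer,
# 2 if no version could be parsed (treat as "unknown", not "safe").
is_affected() {
    v=$(normalize_version "$1")
    [ -n "$v" ] || return 2
    # sort -V compares each numeric component, so 2.10.0 sorts after 2.7.6
    # (a plain string comparison would get that wrong).
    highest=$(printf '%s\n%s\n' "$v" "$LAST_AFFECTED" | sort -V | tail -n 1)
    [ "$highest" = "$LAST_AFFECTED" ]
}

# Constructed sample inputs; replace with the output of the version
# commands listed under "Check Version".
for sample in "Open5GS daemon v2.7.5" "2.7.6~jammy" "2.10.0" "not installed"; do
    rc=0
    is_affected "$sample" || rc=$?
    case "$rc" in
        0) echo "AFFECTED  : $sample" ;;
        1) echo "NEWER     : $sample" ;;
        *) echo "UNKNOWN   : $sample" ;;
    esac
done
```

A result of "NEWER" only means the version is above 2.7.6; it confirms a fix only once an official patched release exists.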

📡 Detection & Monitoring

Log Indicators:

  • MME service crashes
  • Memory corruption errors in system logs
  • Unexpected process terminations

Network Indicators:

  • Unusual traffic patterns to MME port
  • Malformed packets targeting MME service

SIEM Query:

source="open5gs.log" AND ("segmentation fault" OR "memory corruption" OR "MME crash")
