CVE-2026-2523

5.3 MEDIUM

📋 TL;DR

This vulnerability in the Open5GS SMF component allows remote attackers to trigger a reachable assertion via manipulated PDP context requests, potentially causing denial of service. It affects Open5GS deployments up to version 2.7.6. The exploit is publicly available and can be launched remotely without authentication.

💻 Affected Systems

Products:
  • Open5GS
Versions: up to 2.7.6
Operating Systems: Linux, Unix-based systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects SMF (Session Management Function) component in 5G core networks. Any Open5GS deployment with SMF enabled is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote attackers can crash the SMF service, causing complete denial of service for 5G core network functions, potentially disrupting mobile network operations.

🟠 Likely Case

Service disruption through SMF crashes, requiring manual restart of affected components and temporary loss of session management capabilities.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring, allowing quick detection and recovery from service interruptions.

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication, and public exploit exists.
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but requires network access to SMF component.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available in GitHub issues. Attack requires sending specially crafted PDP context requests to the SMF component.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

No official patch available. Monitor the Open5GS GitHub repository for updates. When a patch is released:

  1. Update to the patched version
  2. Restart the SMF service
  3. Verify the fix with test PDP context requests

🔧 Temporary Workarounds

Network Segmentation

linux

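Restrict access to the SMF component to trusted networks only. PDP context requests arrive as GTP-C, which runs over UDP, so the rules match UDP rather than TCP.

iptables -A INPUT -p udp --dport [SMF_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p udp --dport [SMF_PORT] -j DROP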

Rate Limiting

linux

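Implement rate limiting on PDP context requests to prevent mass exploitation. The limit rule only has an effect when a following rule drops the traffic that exceeds it, and the limit applies to all sources combined.

iptables -A INPUT -p udp --dport [SMF_PORT] -m limit --limit 10/min --limit-burst 20 -j ACCEPT
iptables -A INPUT -p udp --dport [SMF_PORT] -j DROP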

🧯 If You Can't Patch

  • Implement strict network access controls to limit SMF exposure
  • Deploy monitoring and alerting for SMF service crashes or abnormal PDP context request patterns

🔍 How to Verify

Check if Vulnerable:

Check the Open5GS version reported by the SMF daemon: open5gs-smfd -v. If the version is 2.7.6 or earlier, the system is vulnerable.

Check Version:

open5gs-smfd -v

Verify Fix Applied:

When a patch is available:

  1. Update to the patched version
  2. Send test PDP context requests
  3. Verify the SMF service remains stable

📡 Detection & Monitoring

Log Indicators:

  • SMF service crashes
  • Assertion failures in /src/smf/gn-handler.c
  • Abnormal PDP context request patterns

Network Indicators:

  • Unusual volume of PDP context requests from single sources
  • Malformed GTP-C packets targeting SMF

SIEM Query:

source="open5gs" AND ("assertion" OR "crash" OR "gn-handler.c")
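
The log indicators above can also be checked offline. The following is an added example, not part of the original advisory or of Open5GS: it flags assertion failures reported from gn-handler.c and raises an alert when several occur within a short window, which is what a crash-and-restart loop looks like. The log line layout, the sample lines, the line numbers in them and the thresholds are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines. The "MM/DD HH:MM:SS.mmm: [domain] LEVEL: msg (file:line)"
# layout, message text and line numbers are assumptions; adapt LINE_RE to your logs.
SAMPLE_LOG = """\
02/10 09:14:01.120: [smf] INFO: SMF initialize...done (../src/smf/app.c:31)
02/10 09:20:44.502: [smf] FATAL: handler: Assertion `cond' failed. (../src/smf/gn-handler.c:100)
02/10 09:20:47.010: [smf] INFO: SMF initialize...done (../src/smf/app.c:31)
02/10 09:21:02.733: [smf] FATAL: handler: Assertion `cond' failed. (../src/smf/gn-handler.c:100)
02/10 09:21:05.400: [smf] INFO: SMF initialize...done (../src/smf/app.c:31)
02/10 09:21:30.118: [smf] FATAL: handler: Assertion `cond' failed. (../src/smf/gn-handler.c:100)
02/10 11:02:10.000: [smf] ERROR: something else (../src/smf/context.c:55)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d\.\d{3}): \[(?P<dom>\w+)\] (?P<lvl>\w+): "
    r"(?P<msg>.*?)(?: \((?P<file>[^():]+):(?P<line>\d+)\))?$")

def parse(text, year=2026):
    """Yield (timestamp, match) per parsable line; the log lines carry no year."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            yield datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d %H:%M:%S.%f"), m

def gn_assertions(text):
    """Timestamps and source locations of assertion failures in gn-handler.c."""
    return [(ts, f"{m['file']}:{m['line']}") for ts, m in parse(text)
            if "assertion" in m["msg"].lower()
            and (m["file"] or "").endswith("gn-handler.c")]

def crash_loops(events, window=timedelta(minutes=5), threshold=3):
    """Return (first, last, count) each time `threshold` failures fall in `window`."""
    alerts, start = [], 0
    for i, (ts, _) in enumerate(events):
        while ts - events[start][0] > window:   # slide the window forward
            start += 1
        if i - start + 1 >= threshold:
            alerts.append((events[start][0], ts, i - start + 1))
    return alerts

if __name__ == "__main__":
    hits = gn_assertions(SAMPLE_LOG)
    for first, last, n in crash_loops(hits):
        print(f"ALERT: {n} gn-handler.c assertions between {first} and {last}")
```

A single assertion is already worth a ticket; the windowed alert separates a one-off crash from repeated triggering.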
