CVE-2026-10156

Exploit

EPSS 0.28%
Veröffentlicht 30.05.2026 23:45:09
Zuletzt bearbeitet 01.06.2026 15:15:37
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Open5GS nf-instances Endpoint nnrf-handler.c handle_amf_info resource consumption

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handle_amf_info in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nf_info_pool can lead to resource consumption. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. Applying a patch is advised to resolve this issue. The issue report is flagged as already-fixed.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 8

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellern/a

≫

Produkt Open5GS

Version 2.7.0

Status affected

Version 2.7.1

Status affected

Version 2.7.2

Status affected

Version 2.7.3

Status affected

Version 2.7.4

Status affected

Version 2.7.5

Status affected

Version 2.7.6

Status affected

Version 2.7.7

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.192

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	2.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://github.com/open5gs/open5gs/

https://vuldb.com/vuln/367409

https://vuldb.com/vuln/367409/cti

https://vuldb.com/submit/818598

https://github.com/open5gs/open5gs/issues/4480

https://nvd.nist.gov/vuln/detail/CVE-2026-10156

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-10156

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-10156

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-10156