CVE-2026-1521: Denial of Service in Open5GS
A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_bearer_resource_failure_indication of the file src/sgwc/s5c-handler.c of the component SGWC. Performing a manipulation results in denial of service. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The patch is named 69b53add90a9479d7960b822fc60601d659c328b. It is recommended to apply a patch to fix this issue.
AI Analysis
Technical Summary
CVE-2026-1521 is a denial of service vulnerability affecting Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure. The vulnerability resides in the SGWC (Serving Gateway Control) component, specifically within the function sgwc_s5c_handle_bearer_resource_failure_indication located in src/sgwc/s5c-handler.c. This function handles bearer resource failure indications on the S5-C interface, which is critical for managing bearer contexts between the Serving Gateway and the Packet Data Network Gateway. An attacker can remotely send specially crafted messages that manipulate this function's processing logic, causing the SGWC process to crash or become unresponsive, resulting in denial of service. The vulnerability requires no authentication, no user interaction, and can be exploited over the network, making it accessible to remote attackers. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the network vector, low attack complexity, and no privileges required. The impact is primarily on availability, potentially disrupting 5G core network operations and affecting subscriber connectivity. Although no active exploitation has been reported, a public exploit is available, increasing the risk of future attacks. The issue affects Open5GS versions 2.7.0 through 2.7.6. The Open5GS project has released a patch identified by commit 69b53add90a9479d7960b822fc60601d659c328b to remediate the vulnerability. Organizations running vulnerable versions should apply this patch immediately to prevent service disruption.
Potential Impact
For European organizations, particularly telecom operators and mobile service providers deploying Open5GS as part of their 5G core network infrastructure, this vulnerability poses a significant risk to network availability. A successful denial of service attack could disrupt subscriber services, degrade network performance, and cause outages affecting voice, data, and emergency communications. This disruption could lead to customer dissatisfaction, regulatory scrutiny, and financial losses. Given the critical role of 5G networks in supporting IoT, smart city applications, and industrial automation across Europe, the impact extends beyond traditional telecom services. Additionally, national security agencies and critical infrastructure operators relying on 5G connectivity could face operational challenges. The remote and unauthenticated nature of the exploit increases the threat landscape, as attackers do not need insider access. Although no known exploitation in the wild has been reported, the public availability of an exploit increases the urgency for mitigation. The medium severity rating indicates a moderate but actionable risk that must be addressed promptly to maintain network resilience.
Mitigation Recommendations
1. Immediately apply the official patch released by the Open5GS project, identified by commit 69b53add90a9479d7960b822fc60601d659c328b, to all affected Open5GS deployments running versions 2.7.0 through 2.7.6.
2. Implement network-level filtering and anomaly detection on the S5-C interface to monitor and block malformed or suspicious bearer resource failure indication messages.
3. Employ strict access controls and segmentation for the 5G core network components to limit exposure to untrusted networks and reduce the attack surface.
4. Conduct regular vulnerability assessments and penetration testing focused on 5G core network elements to identify and remediate similar issues proactively.
5. Maintain up-to-date incident response plans tailored to 5G network disruptions, including rapid rollback or failover procedures.
6. Collaborate with vendors and the open-source community to stay informed about emerging threats and patches related to Open5GS and 5G core technologies.
7. Consider deploying redundancy and load balancing for SGWC components to mitigate the impact of potential DoS attacks.
8. Educate network operations teams on the specific indicators of compromise related to this vulnerability to enable early detection and response.
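One way to approach the S5-C monitoring in recommendation 2, as an added example that is not part of the original advisory or of Open5GS: it parses the fixed GTPv2-C header of a UDP/2123 datagram and flags Bearer Resource Failure Indication messages (message type 69 in 3GPP TS 29.274) that have an inconsistent header or come from outside an allowlist of PGW-C peers. The advisory does not describe the crafted message, so this checks only header consistency and source, not the specific trigger; the function names, the `PGW_PEERS` allowlist and the sample datagrams are assumptions constructed for illustration.

```python
import ipaddress
import struct

BEARER_RESOURCE_FAILURE_INDICATION = 69  # GTPv2-C message type, 3GPP TS 29.274

def parse_gtpv2c_header(data: bytes) -> dict:
    """Parse the fixed GTPv2-C header; raise ValueError if it is inconsistent."""
    if len(data) < 8:
        raise ValueError("datagram shorter than minimum GTPv2-C header")
    flags, msg_type, length = struct.unpack_from("!BBH", data)
    if flags >> 5 != 2:
        raise ValueError("not GTP version 2")
    has_teid = bool(flags & 0x08)            # T flag: TEID field present
    hdr_len = 12 if has_teid else 8
    # The length field counts every octet after the first four.
    if length < hdr_len - 4 or length + 4 > len(data):
        raise ValueError("length field inconsistent with datagram size")
    if not flags & 0x10 and length + 4 != len(data):  # P flag clear: no piggyback
        raise ValueError("trailing bytes after declared message length")
    teid = struct.unpack_from("!I", data, 4)[0] if has_teid else None
    seq = int.from_bytes(data[hdr_len - 4:hdr_len - 1], "big")
    return {"type": msg_type, "teid": teid, "seq": seq}

def classify(src_ip: str, data: bytes, pgw_peers: list) -> str:
    """Verdict for one UDP/2123 datagram addressed to the SGW-C S5-C endpoint."""
    try:
        hdr = parse_gtpv2c_header(data)
    except ValueError:
        return "alert:malformed-header"
    if hdr["type"] != BEARER_RESOURCE_FAILURE_INDICATION:
        return "ignore"
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in ipaddress.ip_network(net) for net in pgw_peers):
        return "alert:unexpected-peer"
    return "log"  # expected peer, well-formed header: keep for rate baselining

def sample(msg_type=69, teid=0x1001, seq=7, body=b"", declared=None) -> bytes:
    """Constructed test datagram (not captured traffic); flags 0x48 = v2 + T."""
    length = 8 + len(body) if declared is None else declared
    return (struct.pack("!BBHI", 0x48, msg_type, length, teid)
            + seq.to_bytes(3, "big") + b"\x00" + body)

PGW_PEERS = ["10.10.5.0/24"]  # assumed operator allowlist of PGW-C peer addresses

if __name__ == "__main__":
    for src, pkt in [("10.10.5.20", sample()), ("192.0.2.9", sample()),
                     ("10.10.5.20", sample(declared=200))]:
        print(src, classify(src, pkt, PGW_PEERS))
```
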
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-01-28T10:11:36.410Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 697a37694623b1157cd7577e
Added to database: 1/28/2026, 4:20:57 PM
Last enriched: 1/28/2026, 4:35:17 PM
Last updated: 2/6/2026, 12:41:42 PM