CVE-2026-1522 identifies a denial of service (DoS) vulnerability in Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure. The flaw exists in the SGWC (Serving Gateway Control) component, specifically within the sgwc_s5c_handle_modify_bearer_response function in the source file s5c-handler.c. This function handles responses related to bearer modification in the S5-C interface, which is critical for managing user data sessions in 5G networks. An attacker can remotely send specially crafted messages to this function, triggering a state or memory corruption that leads to a crash or service disruption of the SGWC process. Since the vulnerability requires no authentication or user interaction, it can be exploited by any remote actor with network access to the affected component. The vulnerability affects all Open5GS versions from 2.7.0 through 2.7.6. The issue has been publicly disclosed with a patch available under the identifier b19cf6a, and the vulnerability is flagged as fixed. The CVSS 4.0 vector (AV:N/AC:L/AT:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P) indicates network attack vector, low complexity, no privileges or user interaction required, no impact on confidentiality or integrity, limited impact on availability, and no scope or security requirements changes. No known exploits are currently reported in the wild, but the public availability of the exploit code increases the risk of future attacks.

For European organizations, especially telecom operators and infrastructure providers deploying Open5GS as part of their 5G core networks, this vulnerability poses a risk of service disruption. A successful DoS attack could cause outages in the serving gateway control plane, leading to dropped sessions, interrupted data flows, and degraded user experience for mobile subscribers. This can impact critical services relying on 5G connectivity, including IoT deployments, emergency services, and enterprise applications. The disruption could also affect network reliability and operator reputation. Given the increasing adoption of open-source 5G core solutions in Europe to reduce costs and increase flexibility, the exposure is significant. The lack of confidentiality or integrity impact limits data breach concerns, but availability degradation in telecom infrastructure is a critical operational risk. The medium severity rating reflects a balance between ease of exploitation and limited impact scope, but the potential for widespread service outages in key network components elevates the operational risk.

European organizations should prioritize applying the official patch (commit b19cf6a) to all Open5GS deployments running versions 2.7.0 through 2.7.6. Network segmentation and strict access controls should be enforced to limit exposure of the SGWC interface to untrusted networks, reducing the attack surface. Deploying intrusion detection systems (IDS) and anomaly detection tools tailored to 5G core protocols can help identify suspicious malformed messages targeting the S5-C interface. Operators should implement robust monitoring and alerting on SGWC process health to detect early signs of exploitation attempts or crashes. Regular vulnerability scanning and penetration testing focused on 5G core components can proactively identify residual risks. Additionally, organizations should maintain up-to-date incident response plans specific to 5G network disruptions. Considering the public availability of exploit code, rapid patch deployment combined with network-level protections is essential to mitigate exploitation risk effectively.