CVE-2026-1737 is a vulnerability identified in Open5GS, an open-source 5G core network implementation widely used by telecom operators and network infrastructure providers. The flaw resides in the function sgwc_s5c_handle_create_bearer_request within the CreateBearerRequest Handler component, located in the source file /src/sgwc/s5c-handler.c. This function processes bearer creation requests, which are critical for establishing data paths in 5G networks. The vulnerability manifests as a reachable assertion triggered by crafted input, which can cause the program to abort unexpectedly, leading to denial of service conditions. The vulnerability is remotely exploitable without requiring authentication or user interaction, increasing its risk profile. The CVSS 4.0 score is 6.9 (medium severity), reflecting the network attack vector, low complexity, and lack of required privileges or user interaction. Although no active exploits have been observed in the wild, a public exploit is available, raising the urgency for remediation. The issue has been addressed in patches released after version 2.7.6, and upgrading to a fixed version is the primary mitigation. This vulnerability could disrupt 5G core network operations, affecting service availability and potentially impacting subscriber connectivity.

The primary impact of CVE-2026-1737 is denial of service (DoS) against the 5G core network component Open5GS, specifically the session gateway control plane (SGWC) handling bearer creation. Successful exploitation can cause the affected process to crash or become unresponsive, disrupting bearer establishment and thus data sessions for subscribers. This can lead to degraded network performance, dropped connections, and service outages for end users. Telecom operators relying on Open5GS may experience partial or full service disruptions, affecting customer experience and potentially causing financial and reputational damage. In critical infrastructure or emergency communication scenarios, such outages could have severe consequences. While the vulnerability does not directly lead to data confidentiality or integrity breaches, the availability impact on core network functions is significant. The ease of remote exploitation without authentication increases the threat level, especially in environments where Open5GS is exposed to untrusted networks or insufficiently segmented.

To mitigate CVE-2026-1737, organizations should immediately upgrade Open5GS to a version later than 2.7.6 where the vulnerability is patched. If upgrading is not immediately feasible, applying any available vendor-provided patches or workarounds is essential. Network segmentation should be enforced to restrict access to the SGWC interfaces, limiting exposure to untrusted networks. Deploying intrusion detection or prevention systems (IDS/IPS) with signatures tuned to detect anomalous or malformed CreateBearerRequest messages can help identify and block exploitation attempts. Monitoring logs and network traffic for unusual bearer creation requests or assertion failures in the SGWC component is recommended to detect potential attacks early. Additionally, implementing rate limiting on bearer creation requests can reduce the risk of denial of service. Regular security assessments and penetration testing of the 5G core network infrastructure should include checks for this vulnerability. Finally, maintaining an up-to-date inventory of Open5GS deployments and their versions will aid in prioritizing patch management efforts.