CVE-2026-1738 identifies a vulnerability in Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure. The flaw resides in the SGWC (Serving Gateway Control Plane) component, specifically in the sgwc_tunnel_add function located in /src/sgwc/context.c. The vulnerability is triggered by manipulating the pdr (Packet Detection Rule) argument, which leads to a reachable assertion failure. This means that crafted input can cause the program to hit an assertion condition that was not expected to be reachable, potentially causing the process to terminate or behave unpredictably. The vulnerability is remotely exploitable without requiring authentication or user interaction, increasing its risk profile. The CVSS v4.0 base score is 6.9, reflecting a medium severity level due to the potential for denial of service or disruption of 5G core network functions. The flaw affects all Open5GS versions from 2.7.0 through 2.7.6, with a fix implemented in subsequent releases. Although no active exploitation has been reported, a proof-of-concept exploit is publicly available, which could facilitate attacks if not mitigated. The vulnerability impacts the integrity and availability of the 5G core network, critical for mobile communications and data services. Given Open5GS's role in managing user plane and control plane traffic, exploitation could disrupt mobile network operations, degrade service quality, or cause outages.

For European organizations, especially telecom operators and mobile network providers deploying Open5GS, this vulnerability poses a risk to the stability and availability of 5G network services. Disruption of the SGWC component can lead to denial of service conditions, affecting end-user connectivity and potentially causing widespread service outages. This can impact critical communications infrastructure, emergency services, and business operations relying on 5G connectivity. Additionally, network instability may erode customer trust and lead to regulatory scrutiny under frameworks like the NIS2 Directive. The medium severity rating indicates a significant but not catastrophic risk; however, the ease of remote exploitation without authentication elevates the urgency for patching. European organizations involved in private 5G deployments, industrial IoT, or smart city initiatives using Open5GS are also at risk. The vulnerability could be leveraged in targeted attacks aiming to disrupt national or regional telecom infrastructure, especially in countries with advanced 5G rollouts and Open5GS adoption.

1. Immediately upgrade Open5GS to the latest version beyond 2.7.6 where the vulnerability is fixed. 2. Implement network-level protections such as filtering and monitoring of traffic directed at the SGWC component to detect anomalous or malformed packets targeting the pdr argument. 3. Employ intrusion detection and prevention systems (IDS/IPS) tuned to recognize exploit attempts against Open5GS vulnerabilities. 4. Conduct regular security audits and code reviews of Open5GS deployments to identify and remediate potential weaknesses. 5. Isolate critical 5G core network components in segmented network zones with strict access controls to limit exposure. 6. Maintain up-to-date incident response plans specific to telecom infrastructure to quickly address any exploitation attempts. 7. Collaborate with Open5GS community and vendors for timely updates and security advisories. 8. Monitor public threat intelligence sources for emerging exploits or attack campaigns leveraging this vulnerability.