CVE-2026-2062: NULL Pointer Dereference in Open5GS
A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_handle_session_modification_response of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. The attack can be initiated remotely. The exploit is publicly available and might be used. The identifier of the patch is f1bbd7b57f831e2a070780a7d8d5d4c73babdb59. Applying a patch is the recommended action to fix this issue.
AI Analysis
Technical Summary
CVE-2026-2062 is a vulnerability in Open5GS, an open-source 5G core network implementation, specifically affecting versions 2.7.0 through 2.7.6. The issue arises from a null pointer dereference in the PGW (PDN Gateway) S5U Address Handler component, within the functions sgwc_s5c_handle_modify_bearer_response and sgwc_sxa_handle_session_modification_response. These functions handle session modification responses related to bearer management in the 5G core network. The null pointer dereference occurs due to improper handling of certain input data, which can be manipulated remotely by an attacker without requiring authentication or user interaction. Exploiting this vulnerability can cause the affected process to crash, leading to a denial of service (DoS) condition in the 5G core network infrastructure. This can disrupt mobile network services reliant on Open5GS. The vulnerability has a CVSS 4.0 base score of 6.9, reflecting its medium severity, with an attack vector of network (remote), low attack complexity, no privileges required, and no user interaction needed. The vulnerability does not impact confidentiality or integrity; its effect is limited to availability, in the form of service disruption. A public exploit exists, increasing the likelihood of exploitation in the wild. The Open5GS project has released a patch identified by commit f1bbd7b57f831e2a070780a7d8d5d4c73babdb59 to address this issue. Organizations using affected versions should apply this patch promptly to prevent potential service outages.
Potential Impact
The primary impact of CVE-2026-2062 is a denial of service condition caused by a null pointer dereference crash in the Open5GS PGW component. This can disrupt 5G core network operations, affecting mobile data connectivity and session management for subscribers. For telecommunications providers and enterprises relying on Open5GS for 5G core network functions, this could lead to service outages, degraded network performance, and customer dissatisfaction. The vulnerability's remote exploitability without authentication increases the risk of targeted attacks or opportunistic exploitation by threat actors. While it does not directly compromise data confidentiality or integrity, the availability impact on critical network infrastructure can have cascading effects on dependent services and emergency communications. The existence of a public exploit further elevates the threat level, potentially enabling attackers to cause widespread disruption if patches are not applied. Organizations operating Open5GS in production environments must consider the operational risks and potential regulatory implications of service interruptions.
Mitigation Recommendations
To mitigate CVE-2026-2062, organizations should immediately apply the official patch released by the Open5GS project, identified by commit f1bbd7b57f831e2a070780a7d8d5d4c73babdb59. Beyond patching, network operators should implement robust monitoring of Open5GS components to detect abnormal crashes or service disruptions indicative of exploitation attempts. Deploying network-level protections such as firewalls and intrusion detection/prevention systems (IDS/IPS) can help filter and alert on suspicious traffic targeting the PGW interfaces. Conduct thorough testing of patched versions in staging environments before production deployment to ensure stability. Maintain strict access controls and network segmentation to limit exposure of the 5G core network to untrusted sources. Regularly update and audit Open5GS deployments and dependencies to minimize exposure to known vulnerabilities. Additionally, consider implementing redundancy and failover mechanisms within the 5G core network to reduce the impact of potential service disruptions.
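One way to implement the crash monitoring recommended above, as an added example that is not part of the original advisory or of Open5GS: it parses kernel segfault lines for one daemon, keeps only faults in the first memory page (the signature of a NULL pointer dereference), and alerts when the same code offset crashes repeatedly. The daemon name open5gs-sgwcd (inferred from the sgwc_ function prefix), the log layout, and every sample line are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (journalctl -o short-iso layout assumed); not from a real system.
SAMPLE_LOG = """\
2026-02-07T10:00:01+0000 core1 kernel: open5gs-sgwcd[2211]: segfault at 18 ip 000055d0c0a1b2c4 sp 00007ffd1a2b3c40 error 4 in open5gs-sgwcd[55d0c09f0000+60000]
2026-02-07T10:00:01+0000 core1 systemd[1]: open5gs-sgwcd.service: Main process exited, code=dumped, status=11/SEGV
2026-02-07T10:03:40+0000 core1 kernel: open5gs-sgwcd[2290]: segfault at 18 ip 0000561f3e62b2c4 sp 00007ffc99887760 error 4 in open5gs-sgwcd[561f3e600000+60000]
2026-02-07T10:03:40+0000 core1 systemd[1]: open5gs-sgwcd.service: Main process exited, code=dumped, status=11/SEGV
2026-02-07T11:30:00+0000 core1 kernel: open5gs-smfd[3001]: segfault at 7f10deadbeef ip 00007f10aa001122 sp 00007ffc00112233 error 6 in libc.so.6[7f10aa000000+195000]
"""

SEGV = re.compile(
    r"^(?P<ts>\S+) \S+ kernel: (?P<proc>[\w.-]+)\[\d+\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp [0-9a-f]+ error \d+ in \S+?\[(?P<base>[0-9a-f]+)\+[0-9a-f]+\]")

def parse_crashes(log, daemon="open5gs-sgwcd"):
    """Return (time, fault_addr, code_offset) for each kernel segfault line of `daemon`."""
    out = []
    for line in log.splitlines():
        m = SEGV.match(line)
        if m and m["proc"] == daemon:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S%z")
            # ip minus mapping base is stable across restarts even with ASLR
            out.append((ts, int(m["addr"], 16), int(m["ip"], 16) - int(m["base"], 16)))
    return out

def null_deref_alerts(crashes, window=timedelta(minutes=10), threshold=2):
    """Map code offset -> crash count where >= threshold near-NULL faults fall inside window."""
    by_offset = {}
    for ts, addr, off in crashes:
        if addr < 0x1000:  # first page: NULL, or NULL plus a struct field offset
            by_offset.setdefault(off, []).append(ts)
    alerts = {}
    for off, times in by_offset.items():
        times.sort()
        spans = zip(times, times[threshold - 1:])  # i-th crash paired with (i+threshold-1)-th
        if any(last - first <= window for first, last in spans):
            alerts[hex(off)] = len(times)
    return alerts

if __name__ == "__main__":
    print(null_deref_alerts(parse_crashes(SAMPLE_LOG)))
```

Repeated near-NULL faults at one code offset point to a reproducible trigger rather than random instability, which makes them a stronger signal than a bare restart count.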
Affected Countries
United States, China, South Korea, Japan, Germany, France, United Kingdom, India, Brazil, Australia, Canada, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-06T06:38:43.735Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69863a39f9fa50a62f278f67
Added to database: 2/6/2026, 7:00:09 PM
Last enriched: 2/23/2026, 10:09:10 PM
Last updated: 3/22/2026, 9:41:27 AM