CVE-2026-2517: Denial of Service in Open5GS
CVE-2026-2517 is a medium-severity denial of service vulnerability in Open5GS versions up to 2.7.6, specifically in the SMF component's ogs_gtp2_parse_tft function. The flaw arises from improper handling of the pf[0].content.length argument, allowing remote attackers to cause a crash or service disruption without authentication or user interaction. Although an exploit has been publicly released, no confirmed active exploitation in the wild has been reported. This vulnerability affects the availability of Open5GS deployments, which are critical in 5G core network infrastructures. European telecom operators using Open5GS could face service outages or degraded network performance if targeted. Mitigation requires careful input validation and patching once updates become available, alongside network-level protections to detect and block malformed GTPv2 traffic.
AI Analysis
Technical Summary
CVE-2026-2517 is a denial of service (DoS) vulnerability identified in Open5GS, an open-source 5G core network implementation widely used for mobile network functions. The vulnerability exists in the SMF (Session Management Function) component, specifically within the ogs_gtp2_parse_tft function located in the lib/gtp/v2/types.c source file. The flaw is triggered by manipulating the pf[0].content.length argument, which is part of the Traffic Flow Template (TFT) parsing logic in the GTPv2 protocol handling. Improper validation or bounds checking of this length parameter can cause the function to behave unexpectedly, leading to a crash or denial of service condition. The attack vector is remote and does not require any authentication or user interaction, making it relatively easy to exploit by sending crafted GTPv2 messages to the vulnerable SMF instance. The vulnerability affects all Open5GS versions from 2.7.0 through 2.7.6. Although the project was notified early, no patch or official response has been released at the time of publication. The exploit code has been made publicly available, increasing the risk of opportunistic attacks. Given Open5GS’s role in managing 5G session control and mobility, a successful DoS attack could disrupt mobile network services, impacting user connectivity and operator infrastructure stability.
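The length validation described above, shown as an added example (not Open5GS code and not the project's fix): a parser for a simplified TFT packet filter list that checks each declared content length against both the destination capacity and the bytes actually remaining before copying. The layout follows the general 3GPP TS 24.008 TFT structure; `tft_parse_checked`, `MAX_CONTENT_LEN` and the sample byte strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FILTERS     15  /* filter count is a 4-bit field */
#define MAX_CONTENT_LEN 64  /* assumed destination capacity, not Open5GS's value */

typedef struct { uint8_t id, precedence, length, content[MAX_CONTENT_LEN]; } pkt_filter_t;
typedef struct { uint8_t op_code, num_filters; pkt_filter_t pf[MAX_FILTERS]; } tft_t;

/* Constructed samples: one filter with 2 content bytes; same header claiming 9. */
static const uint8_t SAMPLE_OK[]    = {0x21, 0x10, 0x00, 0x02, 0x30, 0x11};
static const uint8_t SAMPLE_SHORT[] = {0x21, 0x10, 0x00, 0x09, 0x30, 0x11};

/* Returns bytes consumed, or -1 if the buffer is malformed (discard *out then). */
int tft_parse_checked(tft_t *out, const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    if (!out || !buf || len < 1) return -1;
    memset(out, 0, sizeof(*out));
    out->op_code = buf[0] >> 5;
    out->num_filters = buf[0] & 0x0f;
    pos = 1;
    /* Only operations that carry full filters: create (1), add (3), replace (4). */
    if (out->op_code != 1 && out->op_code != 3 && out->op_code != 4) return -1;
    for (uint8_t i = 0; i < out->num_filters; i++) {
        pkt_filter_t *pf = &out->pf[i];
        if (len - pos < 3) return -1;              /* id, precedence, length octets */
        pf->id = buf[pos++] & 0x0f;
        pf->precedence = buf[pos++];
        pf->length = buf[pos++];
        if (pf->length > sizeof(pf->content)) return -1;  /* destination capacity */
        if (pf->length > len - pos) return -1;            /* bytes actually present */
        memcpy(pf->content, buf + pos, pf->length);
        pos += pf->length;
    }
    return (int)pos;
}

int main(void)
{
    tft_t t;
    printf("ok=%d short=%d\n", tft_parse_checked(&t, SAMPLE_OK, sizeof SAMPLE_OK),
           tft_parse_checked(&t, SAMPLE_SHORT, sizeof SAMPLE_SHORT));
    return 0;
}
```

Both checks are needed: the first protects the fixed-size destination, the second prevents reading past the end of the received message.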
Potential Impact
For European organizations, especially telecom operators and mobile network providers deploying Open5GS as part of their 5G core infrastructure, this vulnerability poses a significant risk to network availability. A successful DoS attack could lead to service outages, degraded network performance, and potential loss of customer trust. Disruptions in 5G core functions such as session management could affect a wide range of services relying on mobile connectivity, including IoT applications, critical communications, and enterprise services. The impact extends beyond direct service interruptions to potential regulatory and reputational consequences under European data protection and telecom regulations. Since the exploit requires no authentication and can be launched remotely, attackers could target networks from outside the operator’s perimeter, complicating defense efforts. The lack of an official patch increases exposure time, necessitating immediate mitigation measures to protect critical infrastructure.
Mitigation Recommendations
1. Monitor network traffic for anomalous or malformed GTPv2 messages targeting the SMF component, using deep packet inspection and behavior-based anomaly detection tools.
2. Implement strict input validation and filtering at the network edge or within the 5G core to block suspicious packets with abnormal pf[0].content.length values.
3. Deploy network segmentation and isolation to limit exposure of the SMF to untrusted networks and reduce attack surface.
4. Engage with the Open5GS community and maintain awareness for forthcoming patches or updates addressing this vulnerability; apply patches promptly once available.
5. Consider temporary workarounds such as disabling or restricting access to vulnerable SMF interfaces if feasible without disrupting essential services.
6. Conduct regular security assessments and penetration testing focused on GTP protocol handling to identify similar weaknesses.
7. Collaborate with upstream vendors and telecom partners to share threat intelligence and coordinate defensive measures.
8. Prepare incident response plans specifically for 5G core network DoS scenarios to minimize downtime and recovery time.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-14T20:01:26.566Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 6991c0114b0e3abdf95dbbfa
Added to database: 2/15/2026, 12:46:09 PM
Last enriched: 2/15/2026, 1:00:28 PM
Last updated: 2/15/2026, 2:30:15 PM