CVE-2026-2517: Denial of Service in Open5GS
A security flaw has been discovered in Open5GS up to 2.7.6. The vulnerability affects the function ogs_gtp2_parse_tft in the file lib/gtp/v2/types.c of the SMF component. Manipulating the argument pf[0].content.length results in denial of service. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
AI Analysis
Technical Summary
CVE-2026-2517 is a denial of service vulnerability identified in Open5GS, an open-source 5G core network implementation, affecting versions 2.7.0 through 2.7.6. The vulnerability exists in the SMF (Session Management Function) component, specifically within the ogs_gtp2_parse_tft function located in the lib/gtp/v2/types.c source file. The root cause is improper validation or handling of the pf[0].content.length parameter, which a remote attacker can manipulate to trigger a denial of service condition. This manipulation likely leads to memory corruption, crashes, or infinite loops that cause the SMF process to become unresponsive or terminate unexpectedly. The attack vector is network-based and requires no authentication or user interaction, which makes remote exploitation straightforward. The SMF is a critical element in 5G core networks, responsible for session management and policy enforcement, so disruption here can affect overall network service availability. Although the Open5GS project was notified early, no patch or official response had been released at the time of this report. Public exploit code has been made available, increasing the urgency for mitigation. The CVSS v4.0 base score is 6.9 (medium severity), reflecting the ease of exploitation and an impact limited to availability, without confidentiality or integrity compromise.
Potential Impact
The primary impact of CVE-2026-2517 is denial of service against the SMF component of Open5GS, which can lead to service outages or degradation in 5G core network operations. This can disrupt session management, affecting user connectivity, data sessions, and overall network reliability. For telecom operators and service providers relying on Open5GS, this could translate into customer service interruptions, loss of revenue, and reputational damage. In critical infrastructure contexts, such as emergency services or industrial IoT relying on 5G, the disruption could have broader societal impacts. Since the vulnerability can be exploited remotely without authentication, attackers can launch DoS attacks at scale or as part of coordinated campaigns. The lack of an official patch increases exposure time, and the public availability of exploits raises the risk of opportunistic attacks. Organizations using Open5GS in production environments are particularly vulnerable, especially those with limited network segmentation or insufficient monitoring of control plane traffic.
Mitigation Recommendations
To mitigate CVE-2026-2517, organizations should first monitor Open5GS SMF logs and network traffic for anomalous or malformed GTPv2 messages whose TFT data is handled by the ogs_gtp2_parse_tft function. Implement network-level filtering or rate limiting on GTPv2 control plane traffic to reduce exposure to malformed packets. Deploy intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect attempts to exploit this vulnerability. If possible, isolate the SMF component within a protected network segment to limit the attack surface. Engage with the Open5GS community or maintainers to track patch releases and apply updates promptly once available. As a temporary workaround, consider disabling or restricting features that process TFT (Traffic Flow Template) parameters if feasible. Conduct regular backups and prepare incident response plans to recover quickly from potential DoS events. Finally, evaluate alternative 5G core solutions or vendor support if timely patches are not forthcoming.
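The kind of length validation the technical summary and the monitoring advice above refer to, as an added example in C that is not Open5GS code and not part of this advisory: it walks a TFT packet filter list and rejects any declared content length that exceeds the bytes actually received. It assumes the packet filter layout of 3GPP TS 24.008 (10.5.6.12) for the create/add/replace operation codes; the function name, status codes, sample buffers and the `max_content` limit are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status codes for this example (hypothetical names). */
enum { TFT_OK = 0, TFT_TRUNCATED = -1, TFT_LEN_OVERRUN = -2, TFT_LEN_TOO_BIG = -3 };

/* Constructed sample TFT values: opcode "create new TFT" (0x20) | filter count. */
static const uint8_t GOOD[]    = { 0x21, 0x10, 0x00, 0x02, 0x30, 0x06 };
static const uint8_t OVERRUN[] = { 0x21, 0x10, 0x00, 0xff, 0x30, 0x06 };
static const uint8_t SHORT[]   = { 0x22, 0x10, 0x00, 0x02, 0x30, 0x06 };

/*
 * Check every packet filter's declared content length before any content
 * byte is read. max_content stands for the size of the buffer a parser
 * would copy into (an assumption, not a value taken from Open5GS).
 * *bad_pf receives the index of the offending filter, or -1 if none.
 */
static int tft_check(const uint8_t *buf, size_t len, size_t max_content, int *bad_pf)
{
    size_t off = 1;                     /* octet 0: opcode | E bit | count */
    *bad_pf = -1;
    if (len < 1) return TFT_TRUNCATED;
    int count = buf[0] & 0x0f;

    for (int i = 0; i < count; i++) {
        *bad_pf = i;
        /* identifier, precedence and length octets must all be present */
        if (len - off < 3) return TFT_TRUNCATED;
        size_t content_len = buf[off + 2];
        off += 3;
        if (content_len > max_content) return TFT_LEN_TOO_BIG;
        if (content_len > len - off) return TFT_LEN_OVERRUN;
        off += content_len;             /* bounded by the check above */
    }
    *bad_pf = -1;
    return TFT_OK;
}

int main(void)
{
    int pf;
    printf("good:    %d\n", tft_check(GOOD, sizeof GOOD, 255, &pf));
    printf("overrun: %d (filter %d)\n", tft_check(OVERRUN, sizeof OVERRUN, 255, &pf), pf);
    printf("short:   %d (filter %d)\n", tft_check(SHORT, sizeof SHORT, 255, &pf), pf);
    return 0;
}
```

The same comparison, declared length against remaining bytes, is what a passive monitor on the GTPv2 control plane can apply to flag malformed TFT data before it reaches the SMF.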
Affected Countries
United States, China, South Korea, Japan, Germany, France, United Kingdom, India, Brazil, Australia, Canada, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-14T20:01:26.566Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6991c0114b0e3abdf95dbbfa
Added to database: 2/15/2026, 12:46:09 PM
Last enriched: 3/2/2026, 6:41:09 AM
Last updated: 3/30/2026, 4:49:37 PM