CVE-2026-2522: Memory Corruption in Open5GS
A security vulnerability has been detected in Open5GS up to 2.7.6. Impacted is an unknown function of the file /src/mme/esm-build.c of the component MME. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AI Analysis
Technical Summary
CVE-2026-2522 is a memory corruption vulnerability identified in Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure and private 5G deployments. The vulnerability resides in an unspecified function within the /src/mme/esm-build.c source file of the Mobility Management Entity (MME) component, which is responsible for managing signaling and session management in the 5G core network. The flaw allows remote attackers to manipulate input data to cause memory corruption, potentially leading to denial of service or arbitrary code execution. The vulnerability requires no authentication or user interaction, making it remotely exploitable over the network. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the ease of exploitation and potential impact on availability and integrity, though confidentiality is not affected. The vulnerability was responsibly disclosed but remains unpatched as of the publication date, with no official response from the Open5GS project. No known exploits in the wild have been reported yet, but public proof-of-concept code exists, increasing the risk of exploitation. Given the critical role of the MME in 5G network operation, exploitation could disrupt mobile network services or allow attackers to execute arbitrary code within the network infrastructure. This poses a significant risk to telecom operators and enterprises relying on Open5GS for 5G core network functions.
Potential Impact
The vulnerability could have serious consequences for organizations operating 5G networks using Open5GS. Successful exploitation may lead to memory corruption resulting in denial of service, causing network outages or degraded service quality. In worst-case scenarios, attackers might achieve arbitrary code execution, compromising the integrity of the 5G core network and enabling further attacks such as interception or manipulation of mobile traffic. This could disrupt critical communications, affect subscriber services, and damage organizational reputation. Since the vulnerability requires no authentication and can be triggered remotely, attackers can exploit it from outside the network perimeter, increasing the attack surface. The lack of a patch and public exploit availability heightens the urgency for mitigation. Organizations deploying Open5GS in private or public 5G networks must consider the risk of service disruption and potential data integrity breaches. The impact extends to national infrastructure and industries relying on 5G connectivity, including manufacturing, healthcare, and transportation sectors.
Mitigation Recommendations
1. Immediately restrict network access to the MME component of Open5GS by implementing strict firewall rules and network segmentation to limit exposure to untrusted networks.
2. Deploy intrusion detection and prevention systems (IDS/IPS) with signatures or heuristics targeting anomalous traffic patterns related to the affected code in esm-build.c or MME signaling messages.
3. Monitor logs and network traffic for unusual activity or repeated malformed packets that could indicate exploitation attempts.
4. Engage with the Open5GS community and maintain awareness of updates or patches addressing this vulnerability; apply patches promptly once available.
5. Consider deploying application-layer gateways or protocol-aware proxies that can validate and sanitize signaling messages before they reach the vulnerable component.
6. Conduct regular security assessments and penetration testing focused on the 5G core network components to identify and remediate weaknesses.
7. If feasible, implement redundancy and failover mechanisms for the MME to minimize service disruption in case of exploitation.
8. Educate network operations teams about this vulnerability and establish incident response plans specific to 5G core network threats.
Affected Countries
United States, South Korea, Germany, Japan, India, China, United Kingdom, France, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-15T08:38:26.971Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69925b77bda29fb02fd9898a
Added to database: 2/15/2026, 11:49:11 PM
Last enriched: 2/23/2026, 9:14:12 PM
Last updated: 4/5/2026, 4:46:55 AM