
CVE-2026-2523: Reachable Assertion in Open5GS

Severity: Medium
Type: Vulnerability
Tags: cve, cve-2026-2523
Published: Mon Feb 16 2026 (02/16/2026, 00:02:07 UTC)
Source: CVE Database V5
Product: Open5GS

Description

A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/23/2026, 21:14:27 UTC

Technical Analysis

CVE-2026-2523 is a vulnerability identified in the Open5GS open-source 5G core network software, specifically affecting versions 2.7.0 through 2.7.6. The issue resides in the SMF (Session Management Function) component within the function smf_gn_handle_create_pdp_context_request located in /src/smf/gn-handler.c. This function processes requests related to PDP (Packet Data Protocol) context creation. The vulnerability manifests as a reachable assertion failure, which can be triggered remotely without requiring any authentication or user interaction. An assertion failure typically causes the program to abort or crash, leading to denial of service conditions. The vulnerability has a CVSS 4.0 base score of 6.9, indicating a medium severity level. The attack vector is network-based with low attack complexity and no privileges or user interaction needed, making exploitation feasible in exposed environments. Although the exploit code has been publicly disclosed, there are no confirmed reports of active exploitation in the wild. The Open5GS project was notified early via an issue report but has not yet issued a patch or official response. This vulnerability threatens the stability and availability of the SMF component, a critical part of the 5G core network responsible for session management and policy enforcement. Given Open5GS's role in 5G infrastructure, successful exploitation could disrupt mobile network services relying on this software.

Potential Impact

The primary impact of CVE-2026-2523 is denial of service through crashing the SMF component of Open5GS, which can disrupt session management in 5G core networks. This disruption can lead to loss of connectivity for users relying on affected networks, impacting telecommunications providers and their customers. The vulnerability affects confidentiality and integrity minimally but poses a significant risk to availability. Organizations using Open5GS in production or testing environments may experience service outages, degraded network performance, or require emergency maintenance to restore functionality. The exploitability without authentication and user interaction increases the risk of automated attacks targeting exposed 5G core network interfaces. Given the increasing adoption of Open5GS in private and public 5G deployments worldwide, the potential scope of impact is broad, especially for operators leveraging open-source solutions. Additionally, disruption in 5G core services can have cascading effects on dependent services such as IoT, critical communications, and enterprise applications. The absence of an official patch heightens the urgency for organizations to implement interim mitigations to maintain network reliability.

Mitigation Recommendations

1. Immediate mitigation involves restricting network exposure of the SMF interfaces to trusted and internal networks only, using firewalls and access control lists to block unauthorized access.
2. Monitor network traffic and logs for unusual or malformed PDP context creation requests that could trigger the assertion failure.
3. Apply custom patches or code modifications to the smf_gn_handle_create_pdp_context_request function to add input validation and handle assertion conditions gracefully until an official patch is released.
4. Engage with the Open5GS community and maintain awareness for forthcoming official patches or updates addressing this vulnerability.
5. Implement redundancy and failover mechanisms in the 5G core network to minimize service disruption if the SMF component crashes.
6. Conduct regular security assessments and penetration testing focused on 5G core components to detect similar vulnerabilities proactively.
7. Educate network operations teams about this vulnerability and establish incident response plans specific to 5G core network disruptions.
8. Consider deploying network-level anomaly detection systems capable of identifying exploitation attempts targeting this vulnerability.
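A sketch of the traffic monitoring in items 1 and 2, as an added example that is not part of this advisory or of Open5GS: it parses the GTPv1-C header of datagrams captured on the SMF's GTP-C port (UDP 2123) and flags Create PDP Context Requests from peers outside an allowlist, plus length-field mismatches. The allowlist network, the function names and the sample datagrams are assumptions constructed for illustration.

```python
import ipaddress
import struct

CREATE_PDP_CONTEXT_REQUEST = 16  # GTPv1-C message type (3GPP TS 29.060)
# Assumption: hypothetical allowlist of SGSN peers allowed to reach the SMF on Gn.
TRUSTED_GN_PEERS = [ipaddress.ip_network("10.10.0.0/24")]


def parse_gtpv1_header(datagram: bytes):
    """Return (msg_type, declared_length, teid) or None if this is not GTPv1."""
    if len(datagram) < 8:
        return None
    flags, msg_type, length, teid = struct.unpack("!BBHI", datagram[:8])
    if flags >> 5 != 1 or not (flags >> 4) & 1:  # version 1, protocol type GTP
        return None
    return msg_type, length, teid


def classify(src_ip: str, datagram: bytes) -> str:
    """Classify one UDP payload captured on the SMF's GTP-C port (2123)."""
    trusted = any(ipaddress.ip_address(src_ip) in net for net in TRUSTED_GN_PEERS)
    header = parse_gtpv1_header(datagram)
    if header is None:
        return "not-gtpv1"
    msg_type, length, _teid = header
    # Length counts every octet after the 8 mandatory header octets.
    if length != len(datagram) - 8:
        return "alert:length-mismatch"
    if msg_type == CREATE_PDP_CONTEXT_REQUEST and not trusted:
        return "alert:create-pdp-from-untrusted-peer"
    return "ok"


def constructed_sample(msg_type: int, body: bytes = b"") -> bytes:
    """Constructed test datagram: GTPv1 header with the S flag, then opaque body."""
    optional = struct.pack("!HBB", 1, 0, 0)  # sequence number, N-PDU number, next ext. type
    return struct.pack("!BBHI", 0x32, msg_type, len(optional) + len(body), 0) + optional + body


def demo():
    request = constructed_sample(CREATE_PDP_CONTEXT_REQUEST)
    return [
        classify("10.10.0.5", request),            # allowlisted SGSN
        classify("198.51.100.7", request),         # peer outside the allowlist
        classify("10.10.0.5", request + b"\x00"),  # declared length disagrees with size
        classify("10.10.0.5", constructed_sample(1)),  # Echo Request
    ]


if __name__ == "__main__":
    print(demo())
```

An alert for an untrusted source also indicates that the firewall rule from item 1 is missing or bypassed, since such a datagram should never reach the capture point.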


Technical Details

Data Version: 5.2
Assigner Short Name: VulDB
Date Reserved: 2026-02-15T08:39:59.010Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69926d0abda29fb02f03f16a

Added to database: 2/16/2026, 1:04:10 AM

Last enriched: 2/23/2026, 9:14:27 PM

Last updated: 4/6/2026, 8:29:48 AM

Views: 78
