CVE-2026-2524 identifies a denial of service vulnerability in Open5GS version 2.7.6, an open-source implementation of 5G core network components. The vulnerability resides in the MME (Mobility Management Entity) component, specifically within the mme_s11_handle_create_session_response function. This function handles responses related to session creation over the S11 interface, which is critical for establishing and managing user sessions in the 5G core network. The flaw allows a remote attacker to craft malicious session creation response messages that cause the MME to enter an error state or crash, resulting in denial of service. Exploitation requires no authentication or user interaction, making it trivially exploitable over the network. The vulnerability impacts the availability of the MME, potentially disrupting session management and thus affecting the overall 5G network service. Although the Open5GS project was informed early, no patch or official response has been released as of the publication date. The CVSS v4.0 score of 6.9 reflects a medium severity, factoring in the ease of remote exploitation and the impact on availability, but no impact on confidentiality or integrity. The vulnerability is significant because the MME is a core network element responsible for mobility and session management, and its disruption can degrade or halt 5G services. The published exploit code increases the risk of attacks, especially in environments where Open5GS is deployed without additional protective controls. This vulnerability highlights the importance of securing open-source telecom infrastructure components that are increasingly used in commercial and research 5G networks.

The primary impact of CVE-2026-2524 is the disruption of 5G core network services due to denial of service on the MME component. This can lead to dropped or failed session establishments, degraded network performance, and potential outages affecting end users relying on 5G connectivity. Telecom operators using Open5GS in production or test environments may experience service interruptions, impacting voice, data, and signaling services. The availability of critical network functions is compromised, which can affect emergency communications, IoT device connectivity, and enterprise applications dependent on 5G. The lack of authentication and user interaction requirements makes the attack vector broad and easier to exploit remotely. Although no known active exploitation has been reported, the existence of published exploit code raises the likelihood of opportunistic attacks. Organizations relying on Open5GS without mitigation risk operational disruptions and potential reputational damage. The vulnerability also underscores the risks associated with deploying open-source telecom software without timely patching or compensating controls.

1. Immediate network-level filtering: Implement firewall or intrusion prevention system (IPS) rules to monitor and block malformed or suspicious S11 interface messages targeting the MME, especially create session response messages. 2. Deploy rate limiting on S11 interface traffic to reduce the impact of potential flooding or malformed packets. 3. Isolate the MME component within a segmented and controlled network zone to limit exposure to untrusted networks. 4. Monitor MME logs and system metrics for signs of crashes, restarts, or abnormal behavior indicative of exploitation attempts. 5. Engage with the Open5GS community and maintain awareness of patches or updates addressing this vulnerability; apply patches promptly once available. 6. Consider deploying redundant MME instances or failover mechanisms to maintain service continuity in case of DoS events. 7. Conduct regular security assessments and penetration testing focused on telecom core network components to identify and mitigate similar vulnerabilities proactively. 8. If feasible, implement application-layer validation or sanity checks on session creation responses within the MME to detect and reject malformed inputs. 9. For organizations using Open5GS in production, evaluate alternative 5G core solutions with active vendor support and security maintenance until this vulnerability is resolved.