CVE-2026-4240 identifies a denial of service vulnerability in Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure. The vulnerability resides in the CCA Handler component, specifically within the callback functions smf_gx_cca_cb, smf_gy_cca_cb, smf_s6b_aaa_cb, and smf_s6b_sta_cb. These functions handle Credit Control Answer (CCA) messages related to policy and charging control in the 5G core. Improper handling or manipulation of these callbacks can cause the Open5GS SMF (Session Management Function) to crash or become unresponsive, resulting in denial of service. The attack can be launched remotely over the network without requiring authentication or user interaction, making it accessible to unauthenticated attackers. The vulnerability affects Open5GS versions 2.7.0 through 2.7.6. The vendor addressed the issue in version 2.7.7 by correcting the handling logic in the affected functions. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P) indicates a network-based attack with low complexity, no privileges or user interaction needed, and limited impact on availability. Although no public exploit code is currently known to be in widespread use, the vulnerability's public disclosure and ease of exploitation make it a credible threat to 5G network operators using Open5GS.

The primary impact of CVE-2026-4240 is denial of service against the Open5GS SMF component, which is critical for managing session and policy control in 5G networks. Disruption of the SMF can lead to dropped sessions, interrupted subscriber services, and degraded network performance. For mobile network operators and enterprises relying on Open5GS for 5G core infrastructure, this can translate into service outages affecting end users, loss of revenue, and reputational damage. Additionally, denial of service in core network components can complicate incident response and recovery efforts. Given the remote and unauthenticated nature of the exploit, attackers could launch DoS attacks from external networks, increasing the risk of widespread disruption. The vulnerability does not appear to allow data leakage or privilege escalation, limiting its impact to availability. However, in critical telecommunications infrastructure, availability disruptions can have cascading effects on emergency services, IoT deployments, and business continuity.

The definitive mitigation is to upgrade Open5GS to version 2.7.7 or later, where the vulnerability has been patched. Network operators should prioritize this upgrade in their maintenance cycles. In addition, organizations should implement network-level protections such as filtering and rate limiting of CCA-related traffic to reduce exposure to malformed or malicious packets targeting the affected functions. Deploying intrusion detection systems (IDS) with signatures tuned to detect anomalous CCA messages can provide early warning of exploitation attempts. Operators should also isolate the Open5GS SMF component within secure network segments and restrict access to trusted management networks to minimize attack surface. Regularly monitoring system logs and performance metrics can help detect early signs of denial of service conditions. Finally, maintaining an up-to-date inventory of Open5GS deployments and applying security patches promptly is critical to reducing risk.