CVE-2026-4988 is a denial of service (DoS) vulnerability identified in Open5GS version 2.7.6, an open-source implementation of the 5G core network. The vulnerability resides in the CCA Message Handler component, specifically within the functions smf_gx_cca_cb, smf_gy_cca_cb, and smf_s6b. These functions handle Credit Control Answer (CCA) messages used in policy and charging control within the 5G core. An attacker can remotely manipulate these functions to trigger a denial of service condition, disrupting normal processing of CCA messages and potentially causing the affected network functions to crash or become unresponsive. The attack vector is network-based and does not require authentication or user interaction, but the complexity of crafting a successful exploit is high, limiting ease of exploitation. The CVSS 4.0 base score is 6.3, reflecting a medium severity with network attack vector, high attack complexity, and no privileges or user interaction needed. Although a public exploit has been released, no confirmed widespread exploitation in the wild has been reported. The vulnerability threatens the availability of critical 5G core network services managed by Open5GS, which is widely used in research, testing, and some production environments for 5G network infrastructure.

The primary impact of CVE-2026-4988 is on the availability of 5G core network functions implemented by Open5GS. A successful denial of service attack could disrupt policy and charging control operations, leading to service interruptions or degraded network performance for subscribers. This could affect mobile network operators using Open5GS in their infrastructure, potentially causing outages or degraded quality of service. Given the critical role of 5G core networks in supporting mobile broadband, IoT, and critical communications, such disruptions could have cascading effects on dependent services and applications. Although the exploit complexity is high, the public availability of exploit code increases the risk of targeted attacks, especially against less hardened or unpatched systems. Organizations relying on Open5GS for 5G core functions may face operational risks, reputational damage, and potential regulatory scrutiny if service disruptions occur.

To mitigate CVE-2026-4988, organizations should first verify if they are running Open5GS version 2.7.6 and plan to upgrade to a patched version once available. In the absence of an official patch, network operators should implement strict network segmentation and access controls to limit exposure of the Open5GS core network components to untrusted networks. Deploying intrusion detection and prevention systems (IDS/IPS) with signatures tuned to detect anomalous CCA message patterns can help identify and block exploitation attempts. Rate limiting and traffic filtering on interfaces handling CCA messages (gx, gy, s6b) can reduce the risk of denial of service. Regular monitoring of system logs and network traffic for unusual activity related to CCA message handling is recommended. Additionally, organizations should engage with the Open5GS community or vendors for timely updates and security advisories. Conducting thorough security assessments and penetration testing focused on 5G core components can help uncover other potential weaknesses.