CVE-2026-7601: Denial of Service in Open5GS
CVE-2026-7601 is a medium severity vulnerability in Open5GS versions up to 2. 7. 6 affecting the AMF component. It involves a denial of service caused by manipulation of the reg_type argument in the src/amf/gmm-handler. c file. The vulnerability can be exploited remotely without user interaction or privileges. Upgrading to Open5GS version 2. 7. 7 addresses this issue.
AI Analysis
Technical Summary
This vulnerability in Open5GS (up to version 2.7.6) affects an unspecified function within the AMF component's gmm-handler.c source file. An attacker can remotely manipulate the reg_type argument, leading to a denial of service condition. The issue is resolved by upgrading to version 2.7.7, with the patch identified by commit ebc66942b6f8f1fab2d640e71cf4e9f1a423b426.
Potential Impact
Successful exploitation results in denial of service, potentially disrupting the affected Open5GS AMF component's operation. The CVSS 4.0 base score is 5.3 (medium severity), indicating a moderate impact without requiring user interaction or high privileges.
Mitigation Recommendations
Upgrade the affected Open5GS component to version 2.7.7, which contains the official fix for this vulnerability. No alternative mitigations are indicated. Patch status is confirmed by the vendor's release of version 2.7.7.
CVE-2026-7601: Denial of Service in Open5GS
Description
CVE-2026-7601 is a medium severity vulnerability in Open5GS versions up to 2. 7. 6 affecting the AMF component. It involves a denial of service caused by manipulation of the reg_type argument in the src/amf/gmm-handler. c file. The vulnerability can be exploited remotely without user interaction or privileges. Upgrading to Open5GS version 2. 7. 7 addresses this issue.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Open5GS (up to version 2.7.6) affects an unspecified function within the AMF component's gmm-handler.c source file. An attacker can remotely manipulate the reg_type argument, leading to a denial of service condition. The issue is resolved by upgrading to version 2.7.7, with the patch identified by commit ebc66942b6f8f1fab2d640e71cf4e9f1a423b426.
Potential Impact
Successful exploitation results in denial of service, potentially disrupting the affected Open5GS AMF component's operation. The CVSS 4.0 base score is 5.3 (medium severity), indicating a moderate impact without requiring user interaction or high privileges.
Mitigation Recommendations
Upgrade the affected Open5GS component to version 2.7.7, which contains the official fix for this vulnerability. No alternative mitigations are indicated. Patch status is confirmed by the vendor's release of version 2.7.7.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-01T11:50:20.513Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f56a39cbff5d86102c6868
Added to database: 5/2/2026, 3:06:33 AM
Last enriched: 5/2/2026, 3:21:18 AM
Last updated: 5/2/2026, 4:12:25 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.