CVE-2026-8291: Denial of Service in Open5GS
CVE-2026-8291 is a medium severity vulnerability in Open5GS versions up to 2. 7. 7 affecting the NRF component. The flaw exists in the function ogs_nnrf_nfm_handle_nf_profile within lib/sbi/nnrf-handler. c and can be exploited remotely to cause a denial of service. An exploit is publicly available, but no official patch or fix has been released yet. A pull request addressing the issue is pending acceptance.
AI Analysis
Technical Summary
This vulnerability in Open5GS (up to version 2.7.7) involves a weakness in the NRF component's function ogs_nnrf_nfm_handle_nf_profile, which can be manipulated remotely to trigger a denial of service condition. The issue is confirmed and publicly disclosed with a CVSS 4.0 base score of 5.3 (medium severity). Although an exploit is available publicly, no official remediation or patch has been issued yet; a fix is under review as a pull request awaiting acceptance.
Potential Impact
Successful exploitation results in denial of service of the Open5GS NRF component, potentially disrupting network function registration and management. The attack can be performed remotely without user interaction and requires low attack complexity with low privileges. There is no indication of data confidentiality or integrity impact.
Mitigation Recommendations
No official patch or fix is currently available. A pull request to fix the vulnerability is pending acceptance. Users should monitor the Open5GS project repositories and vendor advisories for the official fix. Until then, consider applying any available temporary workarounds from the community or restrict access to the vulnerable service to trusted networks if feasible.
CVE-2026-8291: Denial of Service in Open5GS
Description
CVE-2026-8291 is a medium severity vulnerability in Open5GS versions up to 2. 7. 7 affecting the NRF component. The flaw exists in the function ogs_nnrf_nfm_handle_nf_profile within lib/sbi/nnrf-handler. c and can be exploited remotely to cause a denial of service. An exploit is publicly available, but no official patch or fix has been released yet. A pull request addressing the issue is pending acceptance.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Open5GS (up to version 2.7.7) involves a weakness in the NRF component's function ogs_nnrf_nfm_handle_nf_profile, which can be manipulated remotely to trigger a denial of service condition. The issue is confirmed and publicly disclosed with a CVSS 4.0 base score of 5.3 (medium severity). Although an exploit is available publicly, no official remediation or patch has been issued yet; a fix is under review as a pull request awaiting acceptance.
Potential Impact
Successful exploitation results in denial of service of the Open5GS NRF component, potentially disrupting network function registration and management. The attack can be performed remotely without user interaction and requires low attack complexity with low privileges. There is no indication of data confidentiality or integrity impact.
Mitigation Recommendations
No official patch or fix is currently available. A pull request to fix the vulnerability is pending acceptance. Users should monitor the Open5GS project repositories and vendor advisories for the official fix. Until then, consider applying any available temporary workarounds from the community or restrict access to the vulnerable service to trusted networks if feasible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-11T08:02:19.004Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a01f795cbff5d86102f219f
Added to database: 5/11/2026, 3:36:53 PM
Last enriched: 5/11/2026, 3:52:49 PM
Last updated: 5/11/2026, 6:22:54 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.