How serious is CVE-2026-2517?

This vulnerability has a CVSS score of 5.5 out of 10, classified as MEDIUM severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2026-2517?

Yes, proof-of-concept exploit code for CVE-2026-2517 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2026-2517?

CVE-2026-2517 affects open5gs open5gs. Check the full CVE details for specific version information.

How do I fix CVE-2026-2517?

To remediate CVE-2026-2517, check for security patches from open5gs. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-2517

Medium

|5.5

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

An attacker can remotely cause a denial of service in Open5GS by manipulating specific data within the software, which can crash the system and make it unavailable. This vulnerability affects versions up to 2.7.6, and the exploit details are publicly available, meaning attackers could easily use it if they target systems running this version.

Technical Description

A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogs_gtp2_parse_tft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf[0].content.length results in denial of service. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$759($500-$1K)

Vendor Response

Grade APatched in 3 days

Quick Information

Published

Feb 15, 2026

about 2 months ago

Last Modified

Feb 18, 2026

about 2 months ago

Vendor

open5gs

Product

open5gs

Related Vulnerabilities

CVE-2026-2524Medium

An attacker can remotely trigger a denial of service in Open5GS version 2.7.6, causing the system to become unresponsive. This vulnerability can be exploited without needing any special access or credentials.

CVE-2026-2523Medium

An attacker can remotely exploit a vulnerability in Open5GS to trigger a failure in the system, potentially causing it to crash or behave unexpectedly. This issue affects versions up to 2.7.6, and while the developers were notified about the problem, they have not yet addressed it.

CVE-2026-2522Medium

An attacker can remotely exploit a vulnerability in Open5GS to corrupt memory, potentially leading to unauthorized access or system crashes. This issue affects versions up to 2.7.6, and although it has been publicly disclosed, the vendor has not yet addressed it.

CVE-2026-2521Medium

An attacker can remotely exploit a weakness in Open5GS to corrupt memory, potentially leading to crashes or unauthorized access to sensitive data. This vulnerability affects versions up to 2.7.6, and public exploit code is already available, making it easier for attackers to take advantage of the flaw.