CVE-2026-2521
Plain English Summary
An attacker can remotely exploit a weakness in Open5GS to corrupt memory, potentially leading to crashes or unauthorized access to sensitive data. This vulnerability affects versions up to 2.7.6, and public exploit code is already available, making it easier for attackers to take advantage of the flaw.
Technical Description
A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwc_s5c_handle_create_session_response of the component SGW-C. Manipulation can lead to memory corruption. The attack can be performed remotely. The exploit has been made publicly available and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Vector Analysis
Vector String
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Quick Information
Published
Feb 15, 2026
Last Modified
Feb 18, 2026
Vendor
open5gs
Product
open5gs
Related Vulnerabilities
An attacker can remotely trigger a denial of service in Open5GS version 2.7.6, causing the system to become unresponsive. This vulnerability can be exploited without needing any special access or credentials.
An attacker can remotely exploit a vulnerability in Open5GS to trigger a failure in the system, potentially causing it to crash or behave unexpectedly. This issue affects versions up to 2.7.6, and while the developers were notified about the problem, they have not yet addressed it.
An attacker can remotely exploit a vulnerability in Open5GS to corrupt memory, potentially leading to unauthorized access or system crashes. This issue affects versions up to 2.7.6, and although it has been publicly disclosed, the vendor has not yet addressed it.
An attacker can remotely cause a denial of service in Open5GS by manipulating specific data within the software, which can crash the system and make it unavailable. This vulnerability affects versions up to 2.7.6, and the exploit details are publicly available, meaning attackers could easily use it if they target systems running this version.