← back
CVE-2026-10156

Open5GS nf-instances Endpoint nnrf-handler.c handle_amf_info resource consumption

CVSS 5.3 MEDIUMEPSS 0.3%CWE-400CWE-404
A vulnerability was determined in Open5GS up to 2.7.7. This affects the function handle_amf_info in the library /lib/sbi/nnrf-handler.c of the component nf-instances Endpoint. Executing a manipulation of the argument nf_info_pool can lead to resource consumption. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. Applying a patch is advised to resolve this issue. The issue report is flagged as already-fixed.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
n/a · Open5GS
public PoCs found1
cve_referencegithub.com/open5gs/open5gs/issues/4480unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/open5gs/open5gs/https://github.com/open5gs/open5gs/issues/4480https://vuldb.com/submit/818598https://vuldb.com/vuln/367409https://vuldb.com/vuln/367409/cti