CVE-2026-8187
Last modified
CVE-2026-8187 is a medium-severity vulnerability rated 6.9/10 on the CVSS scale. A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. EPSS estimates a 0.64% chance of exploitation in the next 30 days.
Description
A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. The project was informed of the problem early through an issue report but has not responded yet.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Open5gs | Open5gs | <= 2.7.7 |
References
- https://github.com/open5gs/open5gs/issues/4492Exploit, Issue Tracking
- https://vuldb.com/submit/800025Third Party Advisory, VDB Entry
- https://vuldb.com/vuln/362339Third Party Advisory, VDB Entry
- https://vuldb.com/vuln/362339/ctiPermissions Required, VDB Entry
- https://github.com/open5gs/open5gs/issues/4492Exploit, Issue Tracking
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-8187?
How severe is CVE-2026-8187?
How do I fix CVE-2026-8187?
Are you affected by CVE-2026-8187?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST