CVE-2026-8728
Last modified
CVE-2026-8728 is a low-severity vulnerability rated 2.1/10 on the CVSS scale. A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discovery_option_parse_plmn_list in the library /lib/sbi/conv.c of the component NRF. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discovery_option_parse_plmn_list in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argument target-plmn-list leads to denial of service. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Open5gs | Open5gs | <= 2.7.7 |
References
- https://github.com/open5gs/open5gs/issues/4458Exploit, Issue Tracking
- https://vuldb.com/submit/808510Third Party Advisory, VDB Entry
- https://vuldb.com/submit/808511Third Party Advisory, VDB Entry
- https://vuldb.com/vuln/364317Third Party Advisory, VDB Entry
- https://vuldb.com/vuln/364317/ctiPermissions Required, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-8728?
How severe is CVE-2026-8728?
How do I fix CVE-2026-8728?
Are you affected by CVE-2026-8728?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST