Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_handle_delete denial of service_CVE-2026-8225

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-8225

Source VulDB

Published May 10, 2026 at 03:15

Affected Product

Vendor n/a

Product Open5GS

Version 2.7.0

Affected Versions n/a Open5GS 2.7.0
n/a Open5GS 2.7.1
n/a Open5GS 2.7.2
n/a Open5GS 2.7.3
n/a Open5GS 2.7.4
n/a Open5GS 2.7.5
n/a Open5GS 2.7.6
n/a Open5GS 2.7.7

CWE Classification

CWE-404

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-05-10T03:15:08.948Z",
    "modified": "2026-05-10T03:15:08.948Z",
    "type": "cve",
    "title": "Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_handle_delete denial of service",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/362442\nhttps://vuldb.com/vuln/362442/cti\nhttps://vuldb.com/submit/808444\nhttps://github.com/open5gs/open5gs/issues/4440\nhttps://github.com/open5gs/open5gs/",
    "id": "CVE-2026-8225",
    "bulletinFamily": "",
    "cwe": [
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "n/a Open5GS 2.7.0\nn/a Open5GS 2.7.1\nn/a Open5GS 2.7.2\nn/a Open5GS 2.7.3\nn/a Open5GS 2.7.4\nn/a Open5GS 2.7.5\nn/a Open5GS 2.7.6\nn/a Open5GS 2.7.7",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Open5GS",
    "version": "2.7.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}