PatchSiren cyber security CVE debrief
CVE-2026-10114 Open5GS CVE debrief
A low-severity out-of-bounds write vulnerability exists in Open5GS versions up to 2.7.7, specifically within the handle_scp_info function in lib/sbi/nnrf-handler.c. The flaw resides in the Shared NF-profile Parser component and can be triggered remotely. The issue has been publicly disclosed, with exploit availability noted. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, and low availability impact. CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-787 (Out-of-bounds Write) are identified as relevant weakness classifications. The CVE was published on 2026-05-30 and last modified on 2026-06-02, with current vulnerability status listed as Deferred in the NVD. Vendor attribution remains under review with low confidence based on reference domain analysis.
- Vendor
- Open5GS
- Product
- Open5GS core network software (versions up to 2.7.7)
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-30
- Original CVE updated
- 2026-06-02
- Advisory published
- 2026-05-30
- Advisory updated
- 2026-06-02
Who should care
Organizations operating Open5GS-based 5G core networks, telecommunications infrastructure providers, mobile network operators deploying open-source 5G cores, security teams responsible for telecom infrastructure, and researchers studying 5G core security
Technical summary
The vulnerability is an out-of-bounds write in the handle_scp_info function located in lib/sbi/nnrf-handler.c of Open5GS versions up to 2.7.7. This function is part of the Shared NF-profile Parser component, which processes Network Function profile information in the Service-Based Interface (SBI). The flaw can be triggered by remote attackers sending crafted NF profile data, resulting in memory corruption. The CVSS 4.0 score of 2.1 (LOW severity) reflects limited impact scope, with the primary impact being low availability impact. The attack requires network access but no user interaction. Public exploit disclosure increases practical risk despite the low severity score. The vulnerability status in NVD is currently Deferred, indicating the entry may be awaiting further analysis or vendor coordination.
Defensive priority
low
Recommended defensive actions
- Apply vendor-supplied patch for Open5GS when available, as patching is explicitly recommended in the CVE description
- Monitor Open5GS GitHub repository for security updates and patch releases addressing this vulnerability
- Restrict network access to Open5GS NRF/SBI interfaces to trusted administrative hosts where architecture permits
- Review and validate NF profile data from untrusted network functions before processing
- Enable memory safety mitigations (ASLR, stack canaries) on Open5GS deployment hosts
- Monitor for anomalous crashes or restarts in Open5GS services that could indicate exploitation attempts
Evidence notes
Vulnerability description sourced from official CVE record and NVD entry. Affected function handle_scp_info and file path lib/sbi/nnrf-handler.c confirmed in source metadata. CVSS 4.0 vector and weakness enumerations (CWE-119, CWE-787) derived from NVD source item. Exploit public disclosure status and remote attack vector noted in source metadata. Vendor attribution marked as low confidence requiring review.
Official resources
public