CVE-2026-10156 Open5GS CVE debrief

Who should care

Organizations operating Open5GS-based 5G core networks, particularly those exposing SBI interfaces to broader networks or multi-tenant environments where low-privileged access may be available to potential attackers.

Technical summary

The vulnerability resides in the handle_amf_info function within /lib/sbi/nnrf-handler.c of Open5GS versions up to 2.7.7. The nf-instances endpoint accepts manipulated nf_info_pool arguments that can trigger uncontrolled resource consumption. Remote attackers with low privileges can exploit this without user interaction, causing availability degradation. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VA:L) reflects network accessibility, low complexity, and low availability impact. The issue is classified under CWE-400 and CWE-404, indicating both uncontrolled resource consumption and improper resource shutdown weaknesses.

Defensive priority

low

Recommended defensive actions

• Upgrade Open5GS to a version beyond 2.7.7 or apply available patches addressing the nf_info_pool resource consumption issue in /lib/sbi/nnrf-handler.c
• Monitor nf-instances endpoint for anomalous resource consumption patterns that may indicate exploitation attempts
• Review and implement rate limiting or input validation controls for SBI interface requests to the NRF handler
• Verify fix status through vendor channels given the issue is flagged as already-fixed
• Assess exposure of Open5GS SBI interfaces to untrusted networks and restrict access where possible

Evidence notes

Vulnerability affects Open5GS handle_amf_info function in nf-instances endpoint; remote exploitation possible via nf_info_pool manipulation. Issue report flagged as already-fixed. CVSS 4.0 score 2.1 (LOW).

Official resources