PatchSiren cyber security CVE debrief
CVE-2026-8728 Open5gs CVE debrief
CVE-2026-8728 describes a denial-of-service condition in Open5GS’s NRF component, specifically in ogs_sbi_discovery_option_parse_plmn_list within lib/sbi/conv.c. According to the CVE record, a remote attacker can disrupt service by manipulating the target-plmn-list argument. The record also says the issue was disclosed publicly and that the project had been informed early through an issue report but had not responded at the time of publication.
- Vendor: Open5gs
- Product: Unknown
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-17
- Original CVE updated: 2026-05-18
- Advisory published: 2026-05-17
- Advisory updated: 2026-05-18
Who should care
Operators and maintainers of Open5GS deployments, especially environments using the NRF component and any workflows that parse target-plmn-list inputs. Teams responsible for internet-reachable core network services should review exposure quickly.
Technical summary
The official record and supplied description identify a parsing weakness in Open5GS NRF discovery option handling. The affected function is ogs_sbi_discovery_option_parse_plmn_list in /lib/sbi/conv.c. An attacker who can reach the relevant interface can manipulate target-plmn-list to cause denial of service. The NVD metadata classifies the issue as low severity with network attack vector and service availability impact, and lists CWE-404.
Defensive priority
Moderate: the CVSS score is low, but the issue is remotely reachable and the description says a public exploit disclosure exists. Prioritize validation and exposure review for any Open5GS NRF deployments.
Recommended defensive actions
- Identify whether Open5GS is deployed and whether the NRF component is enabled in your environment.
- Check whether your installed Open5GS version is at or below 2.7.7, as stated in the CVE description.
- Review any externally reachable paths that accept discovery-related input, including target-plmn-list handling.
- Monitor for crashes, restarts, or service instability in NRF-related logs and process supervision.
- Track vendor and project communications for a fix or guidance before making configuration changes in production.
- If exposure is confirmed, reduce access to the affected service until an update or mitigation is available.
Evidence notes
This debrief is based only on the supplied NVD CVE metadata and the referenced URLs listed in that record. The description provided in the corpus states the affected function, the input name, remote DoS impact, public exploit disclosure, and lack of project response. No patch advisory text or remediation details were supplied in the corpus, so no fix status is asserted here.
Official resources
- CVE-2026-8728 CVE record (CVE.org)
- CVE-2026-8728 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference (Product)
- Source reference (Exploit, Issue Tracking)
- Mitigation or vendor reference (Third Party Advisory, VDB Entry)
- Mitigation or vendor reference (Third Party Advisory, VDB Entry)
- Mitigation or vendor reference (Third Party Advisory, VDB Entry)
- Source reference (Permissions Required, VDB Entry)
CVE published on 2026-05-17, with the NVD source item carrying the same publication and modification timestamp. The supplied description says the issue was reported early via an issue report and that a public exploit disclosure exists.