PatchSiren

CVE-2026-8729 Open5gs CVE debrief

CVE-2026-8729 is a remote denial-of-service issue reported in Open5GS NRF code, affecting versions up to 2.7.7. The source description says manipulation of the service-names/snssais arguments in /lib/sbi/message.c can disrupt service, and that a public exploit exists. Because the affected component is part of the NRF path, operators should treat exposed or production Open5GS deployments as potentially impacted until the project publishes a fix or clear mitigation guidance.

Vendor: Open5gs
Product: Unknown
CVSS: LOW 2.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-17
Original CVE updated: 2026-05-18
Advisory published: 2026-05-17
Advisory updated: 2026-05-18

Who should care

Open5GS operators and integrators, especially teams running the NRF service in production or exposing Open5GS management/signaling interfaces to untrusted networks. Security teams responsible for telecom/core network availability should also prioritize review because the issue is remotely triggerable and publicly disclosed.

Technical summary

The source record attributes CVE-2026-8729 to Open5GS up to 2.7.7 and points to /lib/sbi/message.c in the NRF component. The described trigger is manipulation of the service-names/snssais arguments, which can lead to denial of service. The NVD-recorded CVSS v4 vector indicates network attack vector, low attack complexity, low privileges required, and loss of availability rather than confidentiality or integrity. The record also lists CWE-404 as the primary weakness.

Defensive priority

Moderate. The CVSS score is low, but the issue is remotely reachable and the source says a public exploit exists, so availability risk may be immediate for exposed deployments.

Recommended defensive actions

  • Inventory Open5GS deployments and confirm whether any instance runs version 2.7.7 or earlier.
  • Review the Open5GS NRF exposure surface and restrict network access to trusted management or service networks where possible.
  • Monitor Open5GS instances for unexpected NRF crashes, restarts, or availability degradation.
  • Track the Open5GS repository and issue references for an upstream fix or official mitigation guidance before upgrading in production.
  • If you maintain compensating controls, validate request handling and input filtering around service-names/snssais processing in your deployed configuration and surrounding network controls.
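One way to implement the input-filtering control from the last item, as an added example (not Open5GS code and not taken from the source record): a strict allowlist check on the two named parameters, run before a request is forwarded to the NRF. The record does not say which values trigger the fault, so this narrows accepted input and is not a fix. Assumptions: service-names arrives as a comma-separated list and snssais as a JSON array of {sst, sd} objects, following 3GPP NF discovery conventions; the limits, name pattern, function names and sample URL are hypothetical.

```python
import json
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed limits and patterns for this sketch; tune them to your deployment.
MAX_ITEMS, MAX_PARAM_BYTES = 16, 1024
SERVICE_NAME_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,63}")
SD_RE = re.compile(r"[0-9A-Fa-f]{6}")

def check_service_names(raw):
    names = raw.split(",")  # comma-separated list (assumed encoding)
    if len(names) > MAX_ITEMS or len(set(names)) != len(names):
        return "service-names: too many items or a duplicate entry"
    return None if all(SERVICE_NAME_RE.fullmatch(n) for n in names) else "service-names: bad name"

def check_snssais(raw):
    try:
        items = json.loads(raw)  # JSON array of S-NSSAI objects (assumed encoding)
    except (ValueError, RecursionError):
        return "snssais: not valid JSON"
    if not isinstance(items, list) or not 1 <= len(items) <= MAX_ITEMS:
        return "snssais: expected a non-empty, bounded array"
    for item in items:
        if not isinstance(item, dict) or "sst" not in item or not set(item) <= {"sst", "sd"}:
            return "snssais: item is not an {sst, sd} object"
        if type(item["sst"]) is not int or not 0 <= item["sst"] <= 255:
            return "snssais: sst must be an integer in 0..255"
        if "sd" in item and not (isinstance(item["sd"], str) and SD_RE.fullmatch(item["sd"])):
            return "snssais: sd must be six hex digits"
    return None

def screen_discovery_request(url):
    """Return rejection reasons for one request URL; an empty list means forward it."""
    checks = {"service-names": check_service_names, "snssais": check_snssais}
    seen, reasons = set(), []
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if key not in checks:
            continue
        if key in seen:
            reasons.append(f"{key}: parameter repeated")
        elif len(value.encode()) > MAX_PARAM_BYTES:
            reasons.append(f"{key}: value too long")
        elif (reason := checks[key](value)) is not None:
            reasons.append(reason)
        seen.add(key)
    return reasons

# Constructed sample request (placeholder host), not taken from the advisory.
SAMPLE = ("https://nrf.example.invalid/nnrf-disc/v1/nf-instances?service-names=nsmf-pdusession"
          "&snssais=%5B%7B%22sst%22%3A1%2C%22sd%22%3A%22000001%22%7D%5D")
```

Log the returned reasons alongside the source address so rejected requests can be correlated with the NRF crash and restart monitoring listed above.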

Evidence notes

This debrief is based only on the supplied NVD source item and its cited references. The source record states: Open5GS up to 2.7.7 is affected; the vulnerable area is /lib/sbi/message.c in NRF; manipulating service-names/snssais can cause denial of service; the attack is remote; and a public exploit exists. The NVD metadata also includes a CVSS v4 vector showing availability impact only, and CWE-404 as the primary weakness. No patched version, workaround, or confirmation of exploitation in the wild was provided in the supplied corpus.

Official resources

CVE published and modified on 2026-05-17T05:16:16.370Z per the supplied CVE/NVD record. No CISA KEV entry is listed in the supplied data.