PatchSiren

CVE-2026-8743 Open5gs CVE debrief

CVE-2026-8743 is a remote improper-authorization issue in Open5GS AMF/MME context handling, specifically in ran_ue_find_by_amf_ue_ngap_id within src/amf/context.c. The supplied description says versions up to 2.7.6 are affected and that a public exploit exists, so this should be treated as a real exposure even though the published CVSS score is low (2.1).

Vendor: Open5gs
Product: Unknown
CVSS: LOW 2.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-17
Original CVE updated: 2026-05-19
Advisory published: 2026-05-17
Advisory updated: 2026-05-19

Who should care

Teams operating Open5GS 5G core deployments, especially AMF/MME components and any environment that accepts untrusted or less-trusted signaling traffic, should review this promptly.

Technical summary

The CVE record describes an improper-authorization condition in Open5GS's AMF/MME code path for ran_ue_find_by_amf_ue_ngap_id. Based on the supplied record, the issue is remotely reachable and can be triggered through manipulation of inputs that influence UE-ID lookup/authorization behavior. The NVD record attributes the finding to CWE-266 and CWE-285, and the source reference set points to an upstream patch commit and related issue/PR in the Open5GS repository.

Defensive priority

Patch soon if Open5GS AMF/MME is deployed. The published CVSS is low, but the flaw is remotely reachable and the source description notes a public exploit, which raises operational urgency.

Recommended defensive actions

  • Apply the upstream fix referenced by commit 5746b8576cfceec18ed87eb7d8cf11b1fb4cd8b1, or upgrade to a version that includes it.
  • Inventory all Open5GS deployments and confirm whether AMF/MME is in scope for your environment.
  • Review exposure of 5G core signaling paths and limit access to trusted peers where possible.
  • Monitor for unusual authorization failures, unexpected UE-context lookups, or anomalous AMF/MME behavior.
  • Validate vendor guidance, release notes, or backport availability before scheduling maintenance in production environments.
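
The first two actions can be scripted for inventory triage. The helper below is an added example, not code from the Open5GS project or the advisory sources. It takes the affected range ("up to 2.7.6") and the fix commit from this page; the function names and output labels are assumptions made for illustration, and a version above 2.7.6 is reported only as outside the stated range, not as confirmed fixed.

```shell
#!/bin/sh
# Added triage helper (illustrative; function names and labels are hypothetical).
FIX_COMMIT=5746b8576cfceec18ed87eb7d8cf11b1fb4cd8b1  # upstream fix named in this debrief
LAST_AFFECTED=2.7.6                                  # "versions up to 2.7.6 are affected"

# version_le A B: succeed when dotted numeric version A <= B, compared field by field.
version_le() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# classify_release VERSION: print affected | not-in-affected-range | unknown.
classify_release() {
    v=${1#v}                                  # accept "v2.7.6" or "2.7.6"
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;  # e.g. git-describe strings
    esac
    if version_le "$v" "$LAST_AFFECTED"; then
        echo affected
    else
        echo not-in-affected-range
    fi
}

# tree_has_fix DIR: succeed only when the fix commit is an ancestor of HEAD in DIR.
# A missing repository, a shallow clone lacking the commit, or a missing git binary
# all count as "fix not confirmed", which is the conservative answer.
tree_has_fix() {
    git -C "$1" merge-base --is-ancestor "$FIX_COMMIT" HEAD 2>/dev/null
}

# triage VERSION [SRC_DIR]: a source tree containing the fix overrides the version check.
triage() {
    if [ -n "${2:-}" ] && tree_has_fix "$2"; then
        echo fixed-in-tree
        return 0
    fi
    classify_release "$1"
}

[ $# -eq 0 ] || triage "$@"
```

Run it per host with the version reported by the installed package and, for source builds, the path to the checkout used for the build; an "unknown" result means the version string needs a manual look.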

Evidence notes

The supplied source corpus includes the CVE description, NVD record, and official repository references. Those sources consistently identify Open5GS AMF/MME, the function ran_ue_find_by_amf_ue_ngap_id in src/amf/context.c, affected versions up to 2.7.6, remote attackability, and a public-exploit claim. The patch reference is the upstream commit 5746b8576cfceec18ed87eb7d8cf11b1fb4cd8b1; related issue and pull request links are also included in the reference set. No exploit details are included here.

Official resources

Published and modified on 2026-05-17. The source description states the issue is remotely reachable and that exploit code had been made public.