PatchSiren cyber security CVE debrief

CVE-2026-8745 Open5gs CVE debrief

CVE-2026-8745 describes a remote denial-of-service issue in Open5GS AUSF, affecting versions up to 2.7.7. The source corpus ties the flaw to ogs_timer_add in src/ausf/nausf-handler.c and classifies it as a low-severity availability impact issue. The record also says the project was notified early via an issue report and had not responded at the time of publication.

Vendor: Open5gs
Product: Unknown
CVSS: LOW 2.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-17
Original CVE updated: 2026-05-18
Advisory published: 2026-05-17
Advisory updated: 2026-05-18

Who should care

Operators and maintainers of Open5GS deployments, especially environments exposing the AUSF authentication service to untrusted networks, should review this CVE. Security teams responsible for service availability and change management should also track it.

Technical summary

The supplied NVD/CNA metadata indicates a remotely reachable weakness in Open5GS AUSF involving ogs_timer_add in src/ausf/nausf-handler.c. The reported impact is denial of service, with the CNA mapping it to CWE-404. The CVSS vector in the source reflects network reachability, low attack complexity, no user interaction, and availability impact only.

Defensive priority

Moderate for internet-exposed or mission-critical Open5GS AUSF deployments; lower priority where exposure is tightly restricted and availability impact is limited.

Recommended defensive actions

Inventory Open5GS instances and confirm whether any deployments are running version 2.7.7 or earlier.
Check whether the AUSF component is reachable from untrusted networks and reduce exposure where possible.
Monitor the project repository and CVE/NVD records for a fix, maintainer response, or updated guidance.
Apply an upstream patch or upgrade as soon as an affected version is released; no fix is included in the supplied corpus.
Add availability monitoring and alerting for AUSF service instability or unexpected restarts.
Track issue report 4472 and related advisories for confirmation of remediation status.

Evidence notes

This debrief is based only on the supplied source corpus: the NVD modified record for CVE-2026-8745 and its CNA-provided metadata, which names Open5GS, the AUSF component, ogs_timer_add in src/ausf/nausf-handler.c, versions up to 2.7.7, CWE-404, remote DoS impact, and issue #4472 as the early report. The corpus also includes references to the Open5GS repository and VulDB pages. The claim that a public exploit is available is present in the provided CVE description but was not independently verified here.

Official resources

CVE-2026-8745 CVE record
CVE.org
CVE-2026-8745 NVD detail
NVD
Source item URL
nvd_modified
Source reference
[email protected] - Product
Source reference
[email protected] - Exploit, Issue Tracking
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Source reference
[email protected] - Permissions Required, VDB Entry

The CVE record is published with a timestamp of 2026-05-17T10:16:36.900Z. The provided source notes that the project was informed early via an issue report and had not responded yet at the time of the record. This debrief does not add anyly