PatchSiren

Open5GS CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW Open5GS CVE published 2026-05-31

CVE-2026-10156

A low-severity resource consumption vulnerability exists in Open5GS up to version 2.7.7, specifically within the handle_amf_info function in /lib/sbi/nnrf-handler.c. The nf-instances endpoint is affected by manipulation of the nf_info_pool argument, which can be exploited remotely to cause resource exhaustion. The issue has been publicly disclosed with a published exploit, though the report is flagged as [truncated]

LOW Open5GS CVE published 2026-05-30

CVE-2026-10117

A remotely exploitable denial-of-service weakness exists in Open5GS through version 2.7.7, specifically within the ogs_pool_id_calloc function in /lib/sbi/nghttp2-server.c. The vulnerability has been publicly disclosed with exploit availability noted, though CVSS 4.0 scoring indicates LOW severity (2.1). The issue is classified under CWE-404 (Improper Resource Shutdown or Release). The CVE record was publ [truncated]

LOW Open5GS CVE published 2026-05-30

CVE-2026-10114

A low-severity out-of-bounds write vulnerability exists in Open5GS versions up to 2.7.7, specifically within the handle_scp_info function in lib/sbi/nnrf-handler.c. The flaw resides in the Shared NF-profile Parser component and can be triggered remotely. The issue has been publicly disclosed, with exploit availability noted. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no pr [truncated]

LOW Open5GS CVE published 2026-05-17

CVE-2026-8746

CVE-2026-8746 describes a remote use-after-free affecting Open5GS up to version 2.7.7 in the NRF component’s discover_handler function. The record rates the issue as low severity, but it is network-exposed and potentially relevant for any deployment that exposes Open5GS SBI/NRF services. The source description also says a public exploit has been released and that the project was informed early via an issu [truncated]

LOW Open5GS CVE published 2026-05-17

CVE-2026-8745

CVE-2026-8745 describes a remote denial-of-service issue in Open5GS AUSF, affecting versions up to 2.7.7. The source corpus ties the flaw to ogs_timer_add in src/ausf/nausf-handler.c and classifies it as a low-severity availability impact issue. The record also says the project was notified early via an issue report and had not responded at the time of publication.

LOW Open5GS CVE published 2026-05-17

CVE-2026-8744

CVE-2026-8744 affects Open5GS NRF logic in /lib/sbi/context.c and can be triggered remotely to cause denial of service. The CVE description ties the issue to ogs_sbi_subscription_data_add and ogs_sbi_nf_service_add, and states that a public exploit disclosure exists. Even though the assigned CVSS score is low, exposed Open5GS NRF deployments should treat this as a real operational risk because availabilit [truncated]

LOW Open5GS CVE published 2026-05-17

CVE-2026-8743

CVE-2026-8743 is a remote improper-authorization issue in Open5GS AMF/MME context handling, specifically in ran_ue_find_by_amf_ue_ngap_id within src/amf/context.c. The supplied description says versions up to 2.7.6 are affected and that a public exploit exists, so this should be treated as a real exposure even though the published CVSS score is low (2.1).

LOW Open5GS CVE published 2026-05-17

CVE-2026-8731

CVE-2026-8731 describes a denial-of-service flaw in Open5GS’s NRF component, specifically in ogs_sbi_client_add within lib/sbi/client.c. The issue is reported as remotely reachable, publicly disclosed, and tied to manipulation of client_pool, with the supplied NVD record assigning CWE-404 and a low CVSS 4.0 score of 2.1.

LOW Open5GS CVE published 2026-05-17

CVE-2026-8730

CVE-2026-8730 is a low-severity denial-of-service issue in Open5GS’s NRF component. According to the published record, manipulating the nfInstanceId argument in ogs_sbi_nf_instance_set_id can disrupt service remotely, and an exploit has already been published. The issue is reported to affect Open5GS up to version 2.7.6.

LOW Open5GS CVE published 2026-05-17

CVE-2026-8729

CVE-2026-8729 is a remote denial-of-service issue reported in Open5GS NRF code, affecting versions up to 2.7.7. The source description says manipulation of the service-names/snssais arguments in /lib/sbi/message.c can disrupt service, and that a public exploit exists. Because the affected component is part of the NRF path, operators should treat exposed or production Open5GS deployments as potentially imp [truncated]

LOW Open5GS CVE published 2026-05-17

CVE-2026-8728

CVE-2026-8728 describes a denial-of-service condition in Open5GS’s NRF component, specifically in ogs_sbi_discovery_option_parse_plmn_list within lib/sbi/conv.c. According to the CVE record, malformed manipulation of the target-plmn-list argument can be used remotely to disrupt service. The record also says the issue was disclosed publicly and that the project had been informed early through an issue repo [truncated]

LOW Open5GS CVE published 2026-05-08

CVE-2026-8123

CVE-2026-8123 is a low-severity but operationally relevant denial-of-service issue in Open5GS up to 2.7.7. According to the NVD record, the affected path is ogs_sbi_discovery_option_add_snssais in /lib/sbi/message.c within the NSSF component, and the issue can be triggered remotely. The record also notes that exploit details have been publicly disclosed and that the project was notified early via an issue report.

LOW Open5GS CVE published 2026-05-08

CVE-2026-8122

CVE-2026-8122 is a denial-of-service issue reported in Open5GS NSSF, specifically in ogs_sbi_discovery_option_add_service_names within /lib/sbi/message.c. The supplied record says affected versions extend through 2.7.7, the attack can be performed remotely, and a public exploit has been referenced. NVD has analyzed the issue and assigns a low availability impact in its CVSS v4.0 vector, but the combinatio [truncated]