CVE-2026-8224 Vuldb CVE debrief

Who should care

Operators and defenders running Open5GS, especially environments exposing the PCF component or relying on mobile-core availability. Network teams and incident responders should also pay attention because the impact is service disruption rather than data theft.

Technical summary

The supplied source data describes a flaw in Open5GS PCF’s pcf_sess_set_ipv6prefix function where a crafted SmPolicyContextData.ipv6AddressPrefix value can trigger a denial of service remotely. The NVD-supplied vector indicates a network-reachable attack with no privileges or user interaction required and low availability impact; the supplied CNA metadata maps the issue to CWE-404.

Defensive priority

Medium: remotely triggerable service disruption in a core network component, with public disclosure noted in the supplied record.

Recommended defensive actions

• Treat Open5GS deployments at version 2.7.7 and earlier as affected until a vendor-fixed release is confirmed.
• Monitor the upstream Open5GS repository and issue tracker for an official fix or mitigation guidance.
• Restrict exposure of PCF-facing network paths to trusted peers and minimize unnecessary external reachability.
• Watch for PCF process crashes, restarts, or abnormal session-policy handling that may indicate attempted triggering.
• If you cannot upgrade immediately, apply compensating controls such as segmentation, tight ACLs, and enhanced service monitoring.
• Validate any deployment-specific inputs or policy plumbing that reaches SmPolicyContextData.ipv6AddressPrefix, using vendor guidance rather than ad hoc changes.

Evidence notes

This debrief is based only on the supplied corpus: an NVD modified-feed entry for CVE-2026-8224 and its referenced VulDB/CVE links. The corpus states the affected function, remote DoS impact, version scope (up to 2.7.7), and that the exploit was publicly disclosed; it does not include a vendor advisory or code diff, so no fix version is asserted here.

Official resources