CVE-2026-4988

medium

Description

A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of service. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is assessed as difficult. The exploit has been released to the public and may be used for attacks.

References

https://vuldb.com/?id.353875

https://github.com/open5gs/open5gs/issues/4342#issue-4021772232

https://vuldb.com/?submit.771349

https://vuldb.com/?ctiid.353875

https://github.com/open5gs/open5gs/issues/4342

https://github.com/open5gs/open5gs/

Details

Source: Mitre, NVD

Published: 2026-03-27

Updated: 2026-03-30

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 5.9

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

CVSS v4

Base Score: 6.3

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00057