CVE-2026-2521— Open5GS SGW-C sgwc_s5c_handle_create_session_response memory corruption
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-2521
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open5GS SGW-C sgwc_s5c_handle_create_session_response memory corruption
Source: NVD (National Vulnerability Database)
Vulnerability Description
A weakness has been identified in Open5GS up to 2.7.6. This issue affects the function sgwc_s5c_handle_create_session_response of the component SGW-C. Executing a manipulation can lead to memory corruption. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Open5GS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Open5GS是Open5GS开源的一个 5G Core 和 Epc 的 C 语言开源实现,即 Lte/Nr 网络的核心网络。 Open5GS 2.7.6及之前版本存在安全漏洞,该漏洞源于对组件SGW-C中函数sgwc_s5c_handle_create_session_response的错误操作,可能导致内存损坏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | Open5GS | 2.7.0 | cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-2521
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-2521
Please Login to view more intelligence information
Same Patch Batch · n/a · 2026-02-15 · 3 CVEs total
| CVE-2026-2522 | 5.3 MEDIUM | Open5GS MME esm-build.c memory corruption |
| CVE-2026-2517 | 5.3 MEDIUM | Open5GS SMF types.c ogs_gtp2_parse_tft denial of service |
IV. Related Vulnerabilities
Same product: Open5GS
- CVE-2026-8123
Open5GS NSSF message.c ogs_sbi_discovery_option_add_snssais - CVE-2026-8122
Open5GS NSSF message.c ogs_sbi_discovery_option_add_service_ - CVE-2026-8121
Open5GS NSSF conv.c ogs_sbi_parse_plmn_list denial of servic - CVE-2026-8120
Open5GS NSSF nnssf-handler.c denial of service - CVE-2026-8119
Open5GS NSSF nghttp2-server.c ogs_sbi_stream_find_by_id deni
Same vendor: n/a
- CVE-2026-6667
PgBouncer missing authorization check in KILL_CLIENT admin c - CVE-2026-6666
PgBouncer crash in kill_pool_logins_server_error - CVE-2026-6665
PgBouncer buffer overflow in SCRAM - CVE-2026-6664
PgBouncer integer overflow in PgBouncer network packet parsi - CVE-2026-8127
eladmin Users API Endpoint UserController.java checkLevel ac
Same weakness: CWE-119
- CVE-2026-22167
GPU DDK - Cache resident PM buffers writable by other GPU re - CVE-2026-27890
Firebird has Pre-Auth DOS when Processing Out of Order CNCT_ - CVE-2026-34864
Huawei HarmonyOS 安全漏洞 - CVE-2026-4149
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code - CVE-2026-34988
Wasmtime leaks data between pooling allocator instances
V. Comments for CVE-2026-2521
No comments yet