CVE-2026-2523— Open5GS SMF gn-handler.c smf_gn_handle_create_pdp_context_request assertion
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-2523
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open5GS SMF gn-handler.c smf_gn_handle_create_pdp_context_request assertion
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function smf_gn_handle_create_pdp_context_request of the file /src/smf/gn-handler.c of the component SMF. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
可达断言
Source: NVD (National Vulnerability Database)
Vulnerability Title
Open5GS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Open5GS是Open5GS开源的一个 5G Core 和 Epc 的 C 语言开源实现,即 Lte/Nr 网络的核心网络。 Open5GS 2.7.6及之前版本存在安全漏洞,该漏洞源于对组件SMF中文件/src/smf/gn-handler.c的函数smf_gn_handle_create_pdp_context_request的错误操作,可能导致可达断言。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | Open5GS | 2.7.0 | cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-2523
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-2523
Please Login to view more intelligence information
- CVE-2026-2523 Open5GS SMF gn-handler.c smf_gn_handle_create_pdp_context_request assertion (Issue 4285 / EUVD-2026-6136)vdb-entrytechnical-description
- https://nvd.nist.gov/vuln/detail/CVE-2026-2523
Same Patch Batch · n/a · 2026-02-16 · 17 CVEs total
| CVE-2026-2542 | 7.0 HIGH | Total VPN win-service.exe unquoted search path |
| CVE-2026-2558 | 6.3 MEDIUM | GeekAI net_handler.go Download server-side request forgery |
| CVE-2026-2556 | 6.3 MEDIUM | cskefu Endpoint MediaController.java server-side request forgery |
| CVE-2026-2531 | 6.3 MEDIUM | MindsDB File Upload security.py clear_filename server-side request forgery |
| CVE-2026-2552 | 5.5 MEDIUM | ZenTao Editor control.php delete path traversal |
| CVE-2026-2551 | 5.4 MEDIUM | ZenTao Backup control.php delete path traversal |
| CVE-2026-2525 | 5.3 MEDIUM | Free5GC PFCP UDP Endpoint denial of service |
| CVE-2026-2524 | 5.3 MEDIUM | Open5GS MME mme_s11_handle_create_session_response denial of service |
| CVE-2026-2555 | 5.0 MEDIUM | JeecgBoot Retrieval-Augmented Generation AiragKnowledgeController.java importDocumentFromZ |
| CVE-2026-2557 | 3.5 LOW | cskefu File Upload MediaController.java upload cross site scripting |
| CVE-2026-2547 | 3.5 LOW | LigeroSmart index.pl AgentDashboard cross site scripting |
| CVE-2026-2546 | 3.5 LOW | LigeroSmart index.pl cross site scripting |
| CVE-2026-2545 | 3.5 LOW | LigeroSmart index.pl cross site scripting |
| CVE-2025-65716 | Markdown Preview Enhanced 安全漏洞 | |
| CVE-2025-65715 | Code Runner 安全漏洞 | |
| CVE-2025-65717 | Live Server 安全漏洞 |
IV. Related Vulnerabilities
Same product: Open5GS
- CVE-2026-8123
Open5GS NSSF message.c ogs_sbi_discovery_option_add_snssais - CVE-2026-8122
Open5GS NSSF message.c ogs_sbi_discovery_option_add_service_ - CVE-2026-8121
Open5GS NSSF conv.c ogs_sbi_parse_plmn_list denial of servic - CVE-2026-8120
Open5GS NSSF nnssf-handler.c denial of service - CVE-2026-8119
Open5GS NSSF nghttp2-server.c ogs_sbi_stream_find_by_id deni
Same vendor: n/a
- CVE-2026-6667
PgBouncer missing authorization check in KILL_CLIENT admin c - CVE-2026-6666
PgBouncer crash in kill_pool_logins_server_error - CVE-2026-6665
PgBouncer buffer overflow in SCRAM - CVE-2026-6664
PgBouncer integer overflow in PgBouncer network packet parsi - CVE-2026-8127
eladmin Users API Endpoint UserController.java checkLevel ac
Same weakness: CWE-617
- CVE-2026-41584
ZEBRA: rk Identity Point Panic in Transaction Verification - CVE-2026-20450
Qualcomm Modem MSV-6100远程拒绝服务漏洞 - CVE-2026-41485
Kyverno Controller Denial of Service via forEach Mutation Pa - CVE-2026-34067
nimiq-transaction vulnerable to panic via `HistoryTreeProof` - CVE-2026-34063
network-libp2p: Peer can crash the node by opening discovery
V. Comments for CVE-2026-2523
No comments yet