Open5GS — Vulnerabilities & Security Advisories 75

All 75 CVE vulnerabilities found in Open5GS, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-1736	Open5GS SGWC s11-handler.c assertion CWE-617	5.3	Medium	2026-02-02
CVE-2026-1587	Open5GS SGWC s11-handler.c sgwc_s11_handle_modify_bearer_request denial of service CWE-404	5.3	Medium	2026-01-29
CVE-2026-1586	Open5GS SGWC s11-handler.c ogs_gtp2_f_teid_to_ip denial of service CWE-404	5.3	Medium	2026-01-29
CVE-2026-1522	Open5GS SGWC s5c-handler.c sgwc_s5c_handle_modify_bearer_response denial of service CWE-404	5.3	Medium	2026-01-28
CVE-2026-1521	Open5GS SGWC s5c-handler.c denial of service CWE-404	5.3	Medium	2026-01-28
CVE-2026-0622	Open 5GS WebUI uses a hard-coded JWT signing key	9.1^AI	Critical^AI	2026-01-20
CVE-2025-15539	Open5GS sgwc s11-handler.c sgwc_s11_handle_downlink_data_notification_ack denial of service CWE-404	5.3	Medium	2026-01-18
CVE-2025-15532	Open5GS Timer resource consumption CWE-400	5.3	Medium	2026-01-17
CVE-2025-15531	Open5GS context.c sgwc_bearer_add assertion CWE-617	5.3	Medium	2026-01-17
CVE-2025-15530	Open5GS s11-handler.c assertion CWE-617	5.3	Medium	2026-01-17
CVE-2025-15529	Open5GS s5c-handler.c sgwc_s5c_handle_create_session_response denial of service CWE-404	5.3	Medium	2026-01-16
CVE-2025-15528	Open5GS GTPv2 Bearer Response denial of service CWE-404	5.3	Medium	2026-01-16
CVE-2025-15419	Open5GS GTPv2-C Flow s5c-handler.c sgwc_s5c_handle_create_session_response denial of service CWE-404	3.3	Low	2026-01-02
CVE-2025-15418	Open5GS Bearer QoS IE Length types.c ogs_gtp2_parse_bearer_qos denial of service CWE-404	3.3	Low	2026-01-01
CVE-2025-15417	Open5GS GTPv2-C F-TEID s11-handler.c sgwc_s11_handle_create_session_request denial of service CWE-404	3.3	Low	2026-01-01
CVE-2025-15176	Open5GS PFCP Session Establishment Request rule-match.c ogs_pfcp_pdr_rule_find_by_packet assertion CWE-617	5.3	Medium	2025-12-29
CVE-2025-14955	Open5GS PFCP handler.c ogs_pfcp_handle_create_pdr initialization CWE-665	3.7	Low	2025-12-19
CVE-2025-14954	Open5GS QER/FAR/URR/PDR context.c ogs_pfcp_qer_find_or_add assertion CWE-617	3.7	Low	2025-12-19
CVE-2025-14953	Open5GS FAR-ID handler.c ogs_pfcp_handle_create_pdr null pointer dereference CWE-476	3.1	Low	2025-12-19
CVE-2025-41068	Reachable Assertion vulnerability in Open5GS CWE-617	7.5^AI	High^AI	2025-10-27
CVE-2025-41067	Reachable Assertion vulnerability in Open5GS CWE-617	7.5^AI	High^AI	2025-10-27
CVE-2025-9405	Open5GS gmm-sm.c gmm_state_exception assertion CWE-617	5.3	Medium	2025-08-25
CVE-2025-8805	Open5GS SMF gsm-sm.c smf_gsm_state_wait_pfcp_deletion denial of service CWE-404	5.3	Medium	2025-08-10
CVE-2025-8804	Open5GS AMF ngap_build_downlink_nas_transport assertion CWE-617	5.3	Medium	2025-08-10
CVE-2025-8803	Open5GS AMF gmm-sm.c gmm_state_exception denial of service CWE-404	5.3	Medium	2025-08-10
CVE-2025-8802	Open5GS SMF smf-sm.c smf_state_operational denial of service CWE-404	5.3	Medium	2025-08-10
CVE-2025-8801	Open5GS AMF gmm-sm.c gmm_state_exception denial of service CWE-404	5.3	Medium	2025-08-10
CVE-2025-8800	Open5GS AMF esm-handler.c esm_handle_pdn_connectivity_request denial of service CWE-404	5.3	Medium	2025-08-10
CVE-2025-8799	Open5GS AMF npcf-build.c amf_nsmf_pdusession_build_create_sm_context denial of service CWE-404	5.3	Medium	2025-08-10
CVE-2025-8698	Open5GS AMF Service nsmf-handler.c amf_nsmf_pdusession_handle_release_sm_context assertion CWE-617	3.3	Low	2025-08-07

All 75 known CVE vulnerabilities affecting Open5GS with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

Open5GS — Vulnerabilities & Security Advisories 75