Open5GS — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting Open5GS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Open5GS serves as an open-source implementation of 5G core network functions, enabling telecommunications operators and researchers to deploy 5G infrastructure. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and authentication flaws. The project maintains a moderate security posture with six CVEs recorded, though no major public incidents have been widely reported. Its modular architecture allows for targeted hardening, but default configurations may expose attack surfaces, particularly in web management interfaces and network signaling protocols. Regular updates and careful deployment remain critical for maintaining security in production environments.

Top products by Open5GS: Open5GS

[Bug]: SMF crash on `POST /nsmf-pdusession/v1/sm-contexts` in HR mode with non-full `dnn` · Issue #4450 · open5gs/open5g

HighGHSA-4451-open5gs-open5gs2026-05-11

[Bug]: SMF crash on `POST /nsmf-pdusession/v1/sm-contexts/{smContextRef}/modify` with empty packet-filter content in `n1

[Bug]: SMF crash on H-SMF `201 Created` response with missing `qosFlowsSetupList` · Issue #4449 · open5gs/open5gs

HighGHSA-44472026-05-11

[Bug]: SMF crash on H-SMF `201 Created` response with invalid base64 `qosFlowsSetupList[*].qosRules` · Issue #4447 · ope

HighGHSA-g4g4-g4g4-g4g42026-05-11

[Bug]: SMF crash on H-SMF `201 Created` response with missing `hcnTunnelInfo` · Issue #4448 · open5gs/open5gs

[Bug]: SMF crash on `POST /nsmf-pdusession/v1/pdu-sessions` with missing `vcnTunnelInfo` · Issue #4446 · open5gs/open5gs

Criticalopen5gs/open5gs#44452026-05-11

[Bug]: SMF crash on `POST /nsmf-callback/v1/sm-policy-notify/{smContextRef}/update` with oversized `pccRules` · Issue #4

[Bug]: SMF crash on `POST /nsmf-callback/v1/sm-policy-notify/{smContextRef}/update` with `flowInfos[*]` missing `flowDes

[Bug]: SMF crash on `POST /nsmf-callback/v1/sm-policy-notify/{smContextRef}/update` with oversized `flowInfos` · Issue #

Critical2026-05-11

[Bug]: SMF crash on `POST /nsmf-callback/v1/sm-policy-notify/{smContextRef}/update` with invalid `arp.preemptCap` · Issu

[Bug]: PCF method confusion on `GET /npcf-smpolicycontrol/v1/sm-policies/{smPolicyId}/delete` clears the session context

HighGHSA-44412026-05-10

[Bug]: PCF crash in `flow_rx_to_gx()` on malformed `fDescs=["permit in"]` · Issue #4441 · open5gs/open5gs

HighGHSA-44372026-05-10

[Bug]: PCF crash on malformed BSF register `Location` during `POST /npcf-smpolicycontrol/v1/sm-policies` · Issue #4437 ·

HighGHSA-44392026-05-10

[Bug]: PCF crash on `POST /npcf-smpolicycontrol/v1/sm-policies` with non-`/128` `ipv6AddressPrefix` · Issue #4439 · open

CriticalGHSA-4438-open5gs-open5gs2026-05-10

[Bug]: PCF crash on delayed `BSF` discovery response after client disconnect during `POST /npcf-smpolicycontrol/v1/sm-po

[Bug]: UPF (open5gs-upfd) SIGSEGV (exit 139) under crafted GTP-U traffic on UDP/2152 · Issue #4491 · open5gs/open5gs

Medium2026-05-09

sbi: prevent NF crash on callback URI without path component by Noahs212 · Pull Request #4496 · open5gs/open5gs · GitHub

sbi: prevent NF crash on callback URI without path component · open5gs/open5gs@d5bc487 · GitHub

[Bug]: UPF (open5gs-upfd) severe user-plane degradation under abusive GTP-U traffic (hot-path logging + responses) · Iss

[Bug]: NSSF crash on `GET /nnssf-nsselection/v2/network-slice-information` with oversized `snssais` · Issue #4436 · open

Showing up to 20 recent security advisories. View all →

This page lists every published CVE security advisory associated with Open5GS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.